> > What happens if you have multiple firewalls (or multiple clusters of
> > firewalls) that are not connected via VPN? Can IPs that are internal
> > to one of the firewalls show up on the external interface of a
> > different firewall?
> Something would be wrong if it did, how would your firewall route it?
> There should be some kind of NAT prior to this as external is considered
> the internet. If your firewall's 'external' interface is not the internet,
> then perhaps you should be clearly defining what exists on that interface.
>
> Typically, you have internal addresses as per RFC 1918 that are not routed
> to you via the external interface.

This is true if you assume the connection between firewalls is across a public network segment. In our environment, we have several firewalls, all on private networks. Only one of them has a connection to the internet. RFC1918 addresses that are internal to one are external to another. That address space is complex enough that defining it specifically for the purposes of anti-spoofing isn't worth the effort.

As noted by Bruce, the anti-spoofing configuration of one firewall has no effect on that of another, even when managed by the same Smart Center.

Dan Lynch, CISSP
Information Technology Analyst
County of Placer
Auburn, CA
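The situation described in the reply above, as an added example that is not part of the original message and is not Check Point's implementation: a simplified model in which each gateway evaluates anti-spoofing only against its own interface topology. The gateway names, interface names and address ranges are constructed, and the rule that an external interface accepts any source not defined behind the gateway's other interfaces is an assumption of this model.

```python
from ipaddress import ip_address, ip_network

# Marker for an interface whose valid sources are "everything not defined
# behind this gateway's other interfaces" (assumption of this model).
EXTERNAL = "external"

# Constructed topology: two gateways on private networks, no VPN between them.
TOPOLOGY = {
    "fw-a": {"eth0": EXTERNAL, "eth1": ["10.1.0.0/16"]},
    "fw-b": {"eth0": EXTERNAL, "eth1": ["10.2.0.0/16"]},
}


def networks_behind(gateway, iface):
    """Networks explicitly defined behind one interface of one gateway."""
    nets = TOPOLOGY[gateway][iface]
    return [] if nets == EXTERNAL else [ip_network(n) for n in nets]


def passes_antispoofing(gateway, iface, src):
    """True if a packet with source `src` is acceptable on `iface`.

    The decision uses only `gateway`'s own topology; what another gateway
    considers internal is never consulted.
    """
    addr = ip_address(src)
    if TOPOLOGY[gateway][iface] == EXTERNAL:
        own_internal = [
            net
            for other in TOPOLOGY[gateway]
            if other != iface
            for net in networks_behind(gateway, other)
        ]
        return not any(addr in net for net in own_internal)
    return any(addr in net for net in networks_behind(gateway, iface))


if __name__ == "__main__":
    # A host internal to fw-a (10.1.0.5) seen on each gateway's interfaces.
    for gw, iface in [("fw-a", "eth1"), ("fw-a", "eth0"),
                      ("fw-b", "eth0"), ("fw-b", "eth1")]:
        verdict = "accept" if passes_antispoofing(gw, iface, "10.1.0.5") else "drop"
        print(f"{gw} {iface} src=10.1.0.5 -> {verdict}")
```
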
