According to phoneboy: "FireWall-1 listens for any IP-based traffic on all interfaces but ones deemed "external." In the NG release, external interfaces are defined in the firewall's workstation object, topology tab. Multiple external interfaces can be defined in NG, but FireWall-1 will not allow traffic to be routed between the external interfaces. In 4.1 and earlier releases, it is defined by the contents of the external.if file (see What to Put in $FWDIR/conf/external.if? for details). Only a single external interface is permitted in 4.1 and earlier releases."
So it would seem impossible to have both a DMZ with Public IPs and the external router interface with its Public IP in 4.1? Is anyone using a DMZ without NAT and with Public IPs in 4.1? Chris ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
