They would only be treated as a subset of 192.168.2.0 if they were included in the same network based on netmask 255.255.0.0. That you couldn't do in your case since one network 2.0 is directly connected and 3.0 and 4.0 are not. So, yes, you would need to define objects and NAT rules for these networks, as well as provide static routes in the OS pointing to the gateway routers.
Hal Hal Dorsman Network Administrator Rocky Mountain Elk Foundation Missoula, Montana USA [EMAIL PROTECTED] (406)523-4576 > -----Original Message----- > From: Chris Covington [mailto:ccovington@;PLUSONE.COM] > Sent: Thursday, November 14, 2002 11:17 AM > To: [EMAIL PROTECTED] > Subject: [FW-1] need to define all LAN networks? > > > Hi all, > > Let's say I have 3 routed /24 subnets in an internal network, > 192.168.2.0, 192.168.3.0, 192.168.4.0, with the router having an IP of > 192.168.2.1 (and 192.168.3.1, 192.168.4.1). The firewall is > 192.168.2.2. > > 192.168.2.0 is connected to eth-s3p1c0, is defined in FW-1, and I've > configured the static routes between the networks in Voyager (on the > IPSO platform). > > Do I also need to define the other 2 networks in FW-1, & NAT rules > between them, etc. or will they be treated as a subset of the > 192.168.2.0? > > Chris > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
