Hmmm... no.  If you check the box in Voyager to let FW-1 handle the routing,
you shouldn't need additional ACLs on the Nokia, assuming you are not doing
any additional routing with it.  Even then, you should be able to define how
you want the routing accessed via the policy since the Inspect engine shims
in below layer 3.

Carric Dooley
Network Security Consultant

"I have often regretted my speech, never my silence."
- Xenocrates (396-314 B.C.)



----- Original Message -----
From: "D H" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 08, 2000 8:07 PM
Subject: [FW1] ACLs on Nokia


>
> Is it necessary to run Nokia ACLs even if FW-1 is running? If so, should
> the ACLs be similar to the rules set up with the FW-1 security policy, or is
> it useful in some other way?
>
> Just wondering what I should do with that option...
>
> -- DH
>
>
> -----Original Message-----
> From: hermit1 [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, June 08, 2000 4:30 PM
> To: Mayne, Peter; [EMAIL PROTECTED]
> Subject: Re: [FW1] High Availability: HA Module on NT vs Nokia
>
>
>
> The Nokia is not really a black box.  First you need to treat it as a
> router - define VRRP, interfaces, routes or routing protocol,  ACLs if any,
> etc.  If you aren't familiar with routing you will have trouble with
> this.  Then you work with FW-1 on top of that.  Make a couple of allowances
> in the FW rules for the VRRP setup.  It is probably worth it for an NT shop
> to pay for the initial install.
>
> hermit1
>
>
> At 06:36 AM 6/9/00 +0800, Mayne, Peter wrote:
>
> >Assume I want to install a highly available firewall. The two options under
> >consideration are a pair of Nokia systems using VRRP, and a pair of Windows
> >NT systems with the CheckPoint HA module. A Solaris or other UNIX solution
> >isn't being considered because an NT shop doesn't want to learn how to
> >manage a Solaris system, whereas a Nokia can presumably be treated like a
> >black box.
> >
> >Cost aside (since the Nokia solution seems to be cheaper), what are the pros
> >and cons of one vs the other? Under what circumstances (if any) would I
> >prefer a particular Nokia or NT solution?
> >
> >
> >PJDM
> >----
> >Peter Mayne, Compaq Computer Australia, Canberra, ACT
>
>
>
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================


