I found that I had to set this up with the DMZ and internal_networks objects as
valid for the DMZ interface, otherwise I couldn't access the proxy server located
there. I have DMZ objects NAT'd internally so I would have thought a "this net"
selection would have worked for the DMZ.
Regards
"Hoffmann, Axel" wrote:
> Hi Nick,
> you should set the valid addresses to a group containing every netwaork
> behind the corresponding interface. This group must contain the valid
> addresses of every statically NATted address.
>
> HTH
>
> Axel Hoffmann
> System Engineer
> ----------------------------------------------------------------------
> Eckmann Datentechnik Netzwerkservice Telindus GmbH
>
> Sylvesterallee 2
> D-22525 Hamburg
> ----------------------------------------------------------------------
> Email: [EMAIL PROTECTED]
> Tel: (+49) 40 54706 195
> Fax: (+49) 40 54706 111
> ----------------------------------------------------------------------
> Please visit our websites
> http://www.eckmann.de
> http://www.telindus.de
> ----------------------------------------------------------------------
>
> -----Urspr�ngliche Nachricht-----
> Von: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]Im Auftrag von
> Nick Claassen
> Gesendet: Mittwoch, 5. Juli 2000 09:01
> An: [EMAIL PROTECTED]
> Betreff: [FW1] Anti-Spoofing
>
> Hi all
>
> I need some information on how to setup anti - spoofing !
>
> On my Firewall I have four interfaces (external,DMZ,local,link)
> I would like to know more about what the Valid IP Address Options means when
> you
> enable spoof - tracking. I have already look at www.phoneboy.com information
> on antispoofing.
>
> For my current setup I have chosen external(our Internet link through Cisco
> router ) to "Others".
> The other three links sits behind the Firewall but I am not certain on what
> Valid IP Address Options
> to choose for them.
> DMZ link to DNS server
> local link to proxy server
> link link to an external network
>
> If I choose "Any" for them, policies editor gives error !
> What should these links be set to when anti-spoof tracking is enabled ?
>
> Thanks
> Niek
>
> ============================================================================
> ====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ============================================================================
> ====
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
--
Declan McKibben
Project Manager
IT Development
RTE
Donnybrook
Dublin 4
Ireland
t +353-1-2083698
f +353-1-2083080
e [EMAIL PROTECTED]
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
