You need to add routes on your firewall to see both the networks. As far
as I know, Check Point doesn't detect other networks and build routes to
them.

Rick

Paul Hessels wrote:
> 
> Sorry if this is a dumb question.  My firewall isn't routing, shouldn't it be?
> 
> I have a Sun 220R running Solaris 2.6 w/patches and FW-1 4.1 w/service packs.
> 
> I have a policy installed of: any any any allow short.
> 
> This is my network layout:
>                  [143 subnet]
>                       |
>                       |
>                       |
> [144 subnet]---[internal router]---[      fw     ]---[external router]
>                [ 123.123.143.1 ]   [ 123.123.1.4 ]   [  123.123.1.1  ]
>                [  123.123.2.1  ]   [ 123.123.2.4 ]
>                [ 123.123.145.1 ]   [123.123.146.1]
>                [ 123.123.144.1 ]           |
>                       |                    |
>                       |                    |
>                       |                    |
>                  [145 subnet]         [146 subnet]
> 
> -the internal router has a default gateway of 2.4 (the firewall's IP)
> -the fw has a default gateway of 1.1 (the external router's IP)
> -this is the routing table on the firewall:
> 123.123.2.0          123.123.2.4          U        2      3  qfe2
> 123.123.1.0          123.123.1.4          U        2      3  qfe3
> 123.123.146.0        123.123.146.1        U        2      3  qfe1
> 192.168.118.0        192.168.118.1        U        3      4  hme0
> 224.0.0.0            192.168.118.1        U        3      0  hme0
> default              123.123.1.1          UG       0   2235
> 127.0.0.1            127.0.0.1            UH       0   8170  lo0
> 
> The problem is, I can't communicate from internal clients, on the 144 for instance,
> to the external router or to the 146 subnet.  Do I need to create routes on the fw
> for the 144, 145 and 146 subnets?  Or should the fw software be doing that?  What
> configuration do I need to set?  If I create a route on the fw, for the 146 for
> instance, then it works, but it seems wrong.  Is it?
> --Paul
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================

-- 
Rick McElroy            
Booz·Allen & Hamilton
1615 Murray Canyon Road
Suite 220
San Diego, CA 92108

619-725-6608
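
Added example, not part of the original thread: a longest-prefix lookup over the firewall routing table quoted above, listing which of the subnets in the diagram have no specific route and would therefore be sent to the default gateway. The function names are hypothetical, the /24 masks are an assumption (the post gives none), and 123.123.2.1 is taken from the diagram as the internal router's firewall-facing address.

```python
import ipaddress

# Firewall routing table as quoted in the question (netstat -rn style).
FW_TABLE = """\
123.123.2.0          123.123.2.4          U        2      3  qfe2
123.123.1.0          123.123.1.4          U        2      3  qfe3
123.123.146.0        123.123.146.1        U        2      3  qfe1
192.168.118.0        192.168.118.1        U        3      4  hme0
224.0.0.0            192.168.118.1        U        3      0  hme0
default              123.123.1.1          UG       0   2235
127.0.0.1            127.0.0.1            UH       0   8170  lo0
"""
INTERNAL_ROUTER = "123.123.2.1"  # from the diagram; next hop for 143/144/145
SUBNETS = ["123.123.143.0/24", "123.123.144.0/24",
           "123.123.145.0/24", "123.123.146.0/24"]  # /24 is an assumption

def parse_routes(text, assumed_prefix=24):
    """Return [(network, gateway)] from netstat-style rows."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        dest, gateway, flags = fields[0], fields[1], fields[2]
        if dest == "default":
            cidr = "0.0.0.0/0"
        elif "H" in flags:              # host route
            cidr = dest + "/32"
        elif dest == "224.0.0.0":       # multicast range
            cidr = "224.0.0.0/4"
        else:                           # mask not shown in the table
            cidr = f"{dest}/{assumed_prefix}"
        routes.append((ipaddress.ip_network(cidr), gateway))
    return routes

def lookup(routes, host):
    """Longest-prefix match, as the kernel forwarding decision would do."""
    addr = ipaddress.ip_address(host)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def missing_routes(routes, subnets):
    """Subnets whose traffic matches nothing more specific than default."""
    missing = []
    for subnet in subnets:
        probe = next(ipaddress.ip_network(subnet).hosts())
        hit = lookup(routes, str(probe))
        if hit is None or hit[0].prefixlen == 0:
            missing.append(subnet)
    return missing
```

Run against the quoted table, the 143, 144 and 145 subnets match only the default route, so the firewall would forward replies for them to 123.123.1.1 rather than back to the internal router.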

