Richard,
Your firewall default route should be aimed at your
external router and the external router should have the
default gateway pointed outwards toward the Internet
interface. I would hope that your hide NATting for your
internal users. This way the external router will only have
the routes associated with both interfaces and the default
gateway. Your fw will have routes associated with it's
interfaces and a default route. If you have more internal
networks, then you may need to add these as routes on
the firewall as needed.
For your clients(in your design as shown), they
should have the default route be pointed at the
internal interface of the fw. Again, if you have more
internal networks, then I would configure the clients
systems with those, and you won't burden the fw with
traffic that stays inside your environment.
HTH,
Robert
- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n F o o d S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>>> "Thornton, Richard" <[EMAIL PROTECTED]> 9/28/00 10:29:16 AM >>>
>
>hi group
>
>is there a document that I can use to ensure I configure the IP forwarding
>part of NT correctly for Firewall-1 at the moment my configuration is as
>follows:
>
>internet router (195.104.x.x)
> |
>firewall
>external i/f (195.104.x.x)
>internal i/f (195.44.x.x)
> |
>clients (195.44.x.x)
>
>I have configured the interfaces with ip and subnet masks and enabled ip
>forwarding, i have not configured default gateways as I am not sure on the
>recommended method for this and i only have my firewall name and ip in the
>hosts file.
>
>many thanks
>
>richard thornton
>edinburgh, scotland
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
