I am trying to prevent address spoofing and have reviewed the manuals about
Workstation security properties on each workstation/firewall interface but
can't figure out exactly how to implement what I want. Perhaps workstation
properties isn't even the correct place.
Basically this is my network (addresses changed a bit):
    Internet
        \
         \
          66.1.1.1 s1
             Rtr
          10.0.0.1 e1
              \
               \
                \
          10.0.0.2 e1    |
     FW1  10.1.1.1 e2 - -|- - DMZ machines on 10.1.1.0 network
          10.2.1.1 e3    |
              \
               \
          |--------------|
          Internal networks on 10.2.0.0 thru 10.254.0.0
Basically I only want specific 10.x.x.x IPs to be let in via a GRE tunnel
from the internet on the S1 interface of the router. Think I need to
specify a rule for the 10.x.x.x IP on the e1 interface of the FW1.
I also only want certain 10.x.x.x networks to come into the e2 interface.
I don't want to specify every valid/invalid 10.x.x.x network. I would like
to apply the firewall rules to a specific interface of the FW1 firewall as in:
Let 10.100.x.x in thru FW1 e1 but stop everything else.
Let 10.1.1.x into e2 but stop everything else. It is also possible that
e2 may have other networks cascaded off it and they need to be allowed into
e2 as well.
Right now I am unable to specify an 'inside' or 'outside' so I either
permit all 10's anywhere or deny them everywhere.
Would appreciate any assistance on this.
Thx,
Dean
Dean Landis II
Landis.net
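
The per-interface policy asked for above, modelled as an added example (not part of the original post and not Check Point configuration). The /16 and /24 masks, the 10.1.50.0/24 cascaded network, the function names and the sample packets are assumptions made for illustration.

```python
import ipaddress

PRIVATE_10 = ipaddress.ip_network("10.0.0.0/8")

# 10.x source networks accepted per FW1 interface, taken from the post.
# Assumptions: /16 and /24 masks for "10.100.x.x" and "10.1.1.x";
# 10.1.50.0/24 is a constructed stand-in for a network cascaded off e2.
VALID_10_SOURCES = {
    "e1": [ipaddress.ip_network("10.100.0.0/16")],
    "e2": [ipaddress.ip_network("10.1.1.0/24"),
           ipaddress.ip_network("10.1.50.0/24")],
}

def check_source(iface, src):
    """Return 'accept', 'drop' or 'rule-base' for a packet's source address."""
    addr = ipaddress.ip_address(src)
    if iface not in VALID_10_SOURCES:
        return "drop"            # interface with no policy: fail closed
    if addr not in PRIVATE_10:
        return "rule-base"       # assumption: non-10.x sources go to the normal rules
    if any(addr in net for net in VALID_10_SOURCES[iface]):
        return "accept"          # 10.x source that belongs behind this interface
    return "drop"                # 10.x source arriving on the wrong interface

# Constructed sample packets: (arrival interface, source address).
SAMPLE_PACKETS = [
    ("e1", "10.100.4.9"),   # tunnel network, correct side
    ("e1", "10.1.1.20"),    # DMZ address arriving from the router side
    ("e2", "10.1.1.20"),    # DMZ address on the DMZ interface
    ("e2", "10.100.4.9"),   # tunnel address arriving from the DMZ
    ("e2", "10.1.50.7"),    # cascaded network behind e2
    ("e1", "66.1.1.1"),     # non-10.x source
]

def evaluate(packets):
    """Pair each sample packet with its verdict."""
    return [(i, s, check_source(i, s)) for i, s in packets]

if __name__ == "__main__":
    for iface, src, verdict in evaluate(SAMPLE_PACKETS):
        print(f"{iface:3} {src:15} {verdict}")
```

The same 10.x address gets a different verdict depending on the interface it arrives on, which is the 'inside'/'outside' distinction the post is missing.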