Re: [FW1] Multicast on Firewall-1

Fri, 04 May 2001 22:34:10 -0700 




Hello Jenny,

I'm not sure about Firewall-1 4.0 on Solaris - I have configured multicast IP
traffic through a Firewall-1 4.1 SP3 on Windows 2000.

1. Configure the server to route multicast IP traffic - before loading a
security policy on it
2. Create a network object  (of type network) whose IP address is 224.0.0.0 with
a netmask of 240.0.0.0 (all legal multicast addresses), associate this object
with your FW internel and external interfaces if you have set up your FW to
prevent address spoofing.
3. Create a network object (type Workstation) for the server transmitting the
multicast traffic and the PC(s) that will be receiving it.
4. Now add 2 rules to your rulebase:-

Source         Multicast Server
Destination    Multicast Network Object (Type Network)
Service        Any
Action         Accept
Track          Long

Source         PC(s)
Destination    Multicast Server
Service        HTTP
Action         Accept
Track          Long

5. You can modify the Destination address on the first rule by looking at your
log and finding out what the multicast IP destination address is.
6. You can also modfiy the Service on the first rule by looking at the ports in
use and only allowing these through.

Regards,

Julian Hayward



|--------+-------------------------------->
|        |          CATHERALL JENNY       |
|        |          <JENNY.CATHERALL@forti|
|        |          sbank.com>            |
|        |                                |
|        |          03/05/2001 10:01      |
|        |                                |
|--------+-------------------------------->
  >----------------------------------------------------------------------------|
  |                                                                            |
  |       To:     "'[EMAIL PROTECTED]'"                 |
  |       <[EMAIL PROTECTED]>                       |
  |       cc:     (bcc: Julian Hayward/LON/GB/Reuters)                         |
  |       Subject:     [FW1] Multicast on Firewall-1                           |
  |       Header:      Internal Use Only                                       |
  >----------------------------------------------------------------------------|






Hallo,

I am currently trying to configure Firewall-1 4.0 on Solaris to allow
multicast from a server to clients. Has anyone managed this successfully as
there is little information available from Checkpoint
themselves.

Regards,

Jenny Catherall



-----------------------------------------------------------------
        Visit our Internet site at http://www.reuters.com

Any views expressed in this message are those of  the  individual
sender,  except  where  the sender specifically states them to be
the views of Reuters Ltd.
Hallo,
 
I am currently trying to configure Firewall-1 4.0 on Solaris to allow
multicast from a server to clients. Has anyone managed this successfully as
there is little information available from Checkpoint
themselves.
 
Regards,
 
Jenny Catherall
 

Reply via email to