Firewall Wizards mailing list archives

RE: Checkpoint for internet access


From: Bill Van Emburg <bve () quadrix com>
Date: Tue, 24 Oct 2000 15:46:43 -0400

I can second that opinion.  I have a customer who has been running FW-1
for a couple of years now where the firewall is not the default route
for internal traffic.  It was actually put in for a specific
application, but has since seen modifications to allow some traffic to
travel to the Internet through it, without changing the internal
network's default route.

That said, FW-1 was definitely written with that presumption in mind, so
you do run into some trouble when it is NOT the default route for
internal hosts.  To solve one problem, in particular, we had to reverse
NAT the entire Internet!
-- 

                                     -- Bill Van Emburg
                                        Quadrix Solutions, Inc.
Phone: 732-235-2335, x206               (mailto:bve () quadrix com)
Fax:   732-235-2336                     (http://quadrix.com)
                The eBusiness Solutions Company

---------------------------------------------------------------------

Message: 4
From: "Zarcone, Christopher" <Christopher.Zarcone () netigy com>
To: Andrew J Bernoth/Boulder/IBM <bernoth () us ibm com>,
"Zarcone, Christopher" <Christopher.Zarcone () netigy com>
Cc: 
Subject: RE: [fw-wiz] Checkpoint for internet access
Date: Sun, 22 Oct 2000 09:13:33 -0700

And to take it all the way back to your original question, as I
understand it, Check Point depends on the routing table of the
underlying OS. If the OS doesn't have a default route, Check Point
won't have a default route. Someone please correct me if I'm wrong,
but I think your current FW1 administrator is mistaken...

Regards,

Christopher Zarcone, CISSP
Senior Consultant
christopher.zarcone () netigy com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

