Firewall Wizards mailing list archives
RE: Checkpoint for internet access
From: Bill Van Emburg <bve () quadrix com>
Date: Tue, 24 Oct 2000 15:46:43 -0400
I can second that opinion. I have a customer who has been running FW-1 for a couple of years now where the firewall is not the default route for internal traffic. It was actually put in for a specific application, but has since seen modifications to allow some traffic to travel to the Internet through it, without changing the internal network's default route. That said, FW-1 was definitely written with that presumption in mind, so you do run into some trouble when it is NOT the default route for internal hosts. To solve one problem, in particular, we had to reverse NAT the entire Internet! -- -- Bill Van Emburg Quadrix Solutions, Inc. Phone: 732-235-2335, x206 (mailto:bve () quadrix com) Fax: 732-235-2336 (http://quadrix.com) The eBusiness Solutions Company --------------------------------------------------------------------- Message: 4 From: "Zarcone, Christopher" <Christopher.Zarcone () netigy com> To: Andrew J Bernoth/Boulder/IBM <bernoth () us ibm com>, "Zarcone, Christopher" <Christopher.Zarcone () netigy com> Cc: Subject: RE: [fw-wiz] Checkpoint for internet access Date: Sun, 22 Oct 2000 09:13:33 -0700 charset="iso-8859-1" And to take it all the way back to your original question, as I understand it, Check Point depends on the routing table of the underlying OS. If the OS doesn't have a default route, Check Point won't have a default route. Someone please correct me if I'm wrong, but I think your current FW1 administrator is mistaken... Regards, Christopher Zarcone, CISSP Senior Consultant christopher.zarcone () netigy com _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Checkpoint for internet access Andrew J Bernoth/Boulder/IBM (Oct 19)
- Re: Checkpoint for internet access Brad Van Orden (Oct 20)
- <Possible follow-ups>
- RE: Checkpoint for internet access Kalat, Andrew (ISS Atlanta) (Oct 20)
- Re: Checkpoint for internet access Zarcone, Christopher (Oct 20)
- Re: Checkpoint for internet access Andrew J Bernoth/Boulder/IBM (Oct 23)
- RE: Checkpoint for internet access Kalat, Andrew (ISS Atlanta) (Oct 23)
- Re: Checkpoint for internet access Andrew J Bernoth/Boulder/IBM (Oct 23)
- RE: Checkpoint for internet access Andrew J Bernoth/Boulder/IBM (Oct 24)
- RE: Checkpoint for internet access Zarcone, Christopher (Oct 24)
- RE: Checkpoint for internet access Bill Van Emburg (Oct 26)