Firewall Wizards mailing list archives
Does Checkpoint prevent 2 gateways routing?
From: "Jack" <jackwhite () lycosasia com>
Date: Fri, 8 Jun 2001 10:30:10 +0800
Dear All, I have a requirement to enable my NT server to be able to route through 2 gateways. Here is how my setup looks like. There are 3 segments connected to Checkpoint Firewall. I have setup a Win98 on the Trusted segment (10.1.1.0) and a WinNT4.0 on the DMZ segment (10.2.2.0) I have also configured the firewall to allow traffice from both ways to and fro the trusted and dmz segments. Could see traffic going through from the firewall logs when I ping from client to server and server to client. Scenario 1 -------------- WinNT Server IP: 10.2.2.10 Gateway: 10.2.2.1 Win98 Client IP: 10.1.1.100 Gateway: 10.1.1.1 Trusted Segment of FW: 10.1.1.1 DMZ Segment of FW: 10.2.2.1 ping from 10.2.2.10 to 10.1.1.100 ----> no problem ping from 10.1.1.100 to 10.2.2.10 ----> no problem Scenario 2 ------------- WinNT Server IP: 10.2.2.10 Gateway: 10.2.2.200 Win98 Client IP: 10.1.1.100 Gateway: 10.1.1.1 Trusted Segment of FW: 10.1.1.1 DMZ Segment of FW: 10.2.2.1 ping from 10.2.2.10 to 10.1.1.100 ----> request timeout ping from 10.1.1.100 to 10.2.2.10 ----> request timeout Scenario 3 ------------- WinNT Server IP: 10.2.2.10 Gateway: 10.2.2.200 Win98 Client IP: 10.1.1.100 Gateway: 10.1.1.1 Trusted Segment of FW: 10.1.1.1 DMZ Segment of FW: 10.2.2.1 route add 10.1.1.0 mask 255.255.255.0 10.2.2.1 ping from 10.2.2.10 to 10.1.1.100 ----> no problem ping from 10.1.1.100 to 10.2.2.10 ----> request timeout tracert from 10.1.1.100 to 10.2.2.10 ----> 6ms <10ms <10ms 10.1.1.1 * * * request timeout * * * request timeout tracert from 10.2.2.10 to 10.1.1.100 ----> <10ms <10ms <10ms 10.1.2.1 <10ms <10ms <10ms WinNT4.0 [10.1.1.100] I went through the same setup with another firewall (different model) and had no problem doing a PING from client to server and server to client when I have changed the gateway from 10.2.2.1 to 10.2.2.200. Is there something which I need to enable or disable on the Checkpoint Firewall. Could anyone please help. Best Regards, Jack ------------------------------------------------------------------------ 20 PAIRS OF ROUND-THE-WORLD AIRTICKETS UP FOR GRABS! Take part in the Lycos Ultimate Search Challenge and travel the world... Get on board now at http://friends.guide.lycosasia.com/ cOntact @ Lycos <http://contact.lycosasia.com> = 20MB for email and filestore + lots of other goodies... _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Does Checkpoint prevent 2 gateways routing? Jack (Jun 08)