Firewall Wizards mailing list archives
Re: Gauntlet and Transparency questions
From: Inno Eroraha <inno () patriot net>
Date: Wed, 11 Nov 1998 09:18:15 -0500
Does anyone know if it is true that transparency in Gauntlet only works
when the firewall is on the same
subnet as the clients? In other words if I have a trusted network which is down the other end of an internal leased line, and hence on a different subnet, that transparency will not work?
This is not a true statment! Gauntlet doesn't descriminate transaparency based on users location relative to the firewall, unless configured otherwise. Once transparency is enabled for any given subnet (by Default, trusted networks have transparency), these networks should be able to initiate connections transparently regardless of geographical or network location. Therefore, assuming you have a leased line connecting a UK office to a Nigerian office, with a Gauntlet firewall located in the Nigerian office, so long as the UK network is trusted to the firewall, connections should be transparent to them just like for clients located around the firewall, unless the FW has been configured otherwise. Ensure that: * The subnet in question is in your trusted network table (using entries like: 123.45.67.* or 123.45.67.0:255.255.255.0, or 123.45.67.64:255.255.255.224, etc.) * There isn't an alternate route from your internal "internal leased line" to the outside of the firewall -0- Inno Eroraha Network Security Consultant http://patriot.net/~inno/ PGPkey: http://patriot.net/~inno/pgpkey inno () patriot net
Current thread:
- Gauntlet source IP address re-write question esteban (Nov 07)
- Re: Gauntlet source IP address re-write question Inno Eroraha (Nov 09)
- Re: Gauntlet source IP address re-write question Chris michael (Nov 09)
- Re: Gauntlet source IP address re-write question Joseph S D Yao (Nov 09)
- Re: Gauntlet source IP address re-write question Christopher Michael (Nov 09)
- Gauntlet and Transparency questions Steve George (Nov 10)
- Re: Gauntlet and Transparency questions Christopher Nielsen (Nov 11)
- Re: Gauntlet and Transparency questions Rick Murphy (Nov 11)
- Re: Gauntlet and Transparency questions Inno Eroraha (Nov 11)
- Re: Gauntlet and Transparency questions Frederick M Avolio (Nov 11)
- Re: Gauntlet and Transparency questions Chris Michael (Nov 12)
- Re: Gauntlet source IP address re-write question Christopher Michael (Nov 09)
- <Possible follow-ups>
- RE: Gauntlet source IP address re-write question Burgess, John (EDS) (Nov 10)
- Re: Gauntlet source IP address re-write question Dale Lancaster (Nov 10)
- Re: Gauntlet source IP address re-write question Bruce B. Platt (Nov 10)