Firewall Wizards mailing list archives

Re: FW-1: Questions about DHCP and IPX

From: Calvin Ng <CalvinNG () Brel com>
Date: Wed, 16 Sep 1998 10:53:12 +0800

Greetings,

  I was recently in an unfortunate position to install a
  FW-1 in a very flat intranet ( MS- dominant ).  So, of course 
  I have to segment out the servers and put them behind the 
  firewall.

  The unfortunate thing is it breaks the NT domain setup.
  The servers behind the firewall cannot locate the domain
  controller.   BTW, its still broken, so if someone has
  know-how, do contact me off-line.

  Anyway, so I read up quite a bit on cross-domain stuff 
  at the Microsoft web site.

  Okay, okay, here comes the relevant part.
  For DHCP across subnet, you need to have a router/gateway, 
  (in this case FW-1), that is capable of being a BOOTP relay.
  In other words, you probably need to install some software 
  on the firewall to do just that.  This information is found 
  from the Microsoft Support Online at 
        http://support.microsoft.com/support

  I think just FW-1 itself will not do it.  I still don't know 
  how to let broadcasts get across subnets yet.  Maybe someone 
  can show me.


  I don't know much about IPX, but I read the manual, and it says
  that FW-1 <quote> "completely ignores other IP level protocols, 
  such as IPX and DECNET, which are processed by a different 
  protocol stack."

  If you need to get the IPX packets through, you either need to 
  install an IPX protocol stack on the firewall machine, which 
  will then let the IPX packets through without inspection, or
  use IP-tunnelling for the IPX packets.  Choosing IP-tunnelling
  will probably require a bit of change on your servers and clients.


  Err, hope I have been of help.

/calvin

----------------------------------------------------------------------------

From: Jim Hebert <jhebert () usweb com>
Subject: FW-1: Questions about DHCP and IPX
Date: Tue, 15 Sep 1998 17:30:40 -0400
To: firewall-wizards () nfr net
Cc: Jim Hebert <jhebert () usweb com>


Hi,

 

  I have a customer who is considering Check Point Firewall-1 for a project. 
 They have a LAN that
they wish to segment from the rest of the internal network.  Two 
requirements are that clients on the
segmented LAN must be able to receive their IP addresses via DHCP and the 
second is that the
clients on the segmented LAN must also be able to reach a server on the 
internal LAN via IPX.  Will
FW-1 allow DHCP through it and can IPX be tunneled through the firewall?  I 
know that there are
several other vendors that implement FW-1 in their products - would any of 
these be viable?  If so, 
what other components would I need to purchase - i.e., Management Console 
since this is the first
instance of Check Point in their network.  Thanks in advance!

 

Jim

--- End of Original Message

----------------------------------------------------------------------------

Current thread:

FW-1: Questions about DHCP and IPX Jim Hebert (Sep 15)
- Re: FW-1: Questions about DHCP and IPX Chris Brenton (Sep 17)
- Re: FW-1: Questions about DHCP and IPX Calvin Ng (Sep 17)
- <Possible follow-ups>
- Re: FW-1: Questions about DHCP and IPX Jason L. Snowden (Sep 22)
  - Re: FW-1: Questions about DHCP and IPX Marcus J. Ranum (Sep 23)
    - Re: FW-1: Questions about DHCP and IPX Henry Hertz Hobbit (Sep 24)
    - Re: FW-1: Questions about DHCP and IPX Darren Reed (Sep 24)
    - Re: FW-1: Questions about DHCP and IPX Joseph S. D. Yao (Sep 24)
    - Re: FW-1: Questions about DHCP and IPX Adam Shostack (Sep 25)
    - Re: FW-1: Questions about DHCP and IPX Kevin Steves (Sep 29)
    - Re: FW-1: Questions about DHCP and IPX Adam Shostack (Sep 29)
    - Re: FW-1: Questions about DHCP and IPX Marcus J. Ranum (Sep 29)
  - Re: FW-1: Questions about DHCP and IPX Aaron D. Turner (Sep 23)

(Thread continues...)