Firewall Wizards mailing list archives
Re: FW-1: Questions about DHCP and IPX
From: Calvin Ng <CalvinNG () Brel com>
Date: Wed, 16 Sep 1998 10:53:12 +0800
Greetings, I was recently in an unfortunate position to install a FW-1 in a very flat intranet ( MS- dominant ). So, of course I have to segment out the servers and put them behind the firewall. The unfortunate thing is it breaks the NT domain setup. The servers behind the firewall cannot locate the domain controller. BTW, its still broken, so if someone has know-how, do contact me off-line. Anyway, so I read up quite a bit on cross-domain stuff at the Microsoft web site. Okay, okay, here comes the relevant part. For DHCP across subnet, you need to have a router/gateway, (in this case FW-1), that is capable of being a BOOTP relay. In other words, you probably need to install some software on the firewall to do just that. This information is found from the Microsoft Support Online at http://support.microsoft.com/support I think just FW-1 itself will not do it. I still don't know how to let broadcasts get across subnets yet. Maybe someone can show me. I don't know much about IPX, but I read the manual, and it says that FW-1 <quote> "completely ignores other IP level protocols, such as IPX and DECNET, which are processed by a different protocol stack." If you need to get the IPX packets through, you either need to install an IPX protocol stack on the firewall machine, which will then let the IPX packets through without inspection, or use IP-tunnelling for the IPX packets. Choosing IP-tunnelling will probably require a bit of change on your servers and clients. Err, hope I have been of help. /calvin ---------------------------------------------------------------------------- From: Jim Hebert <jhebert () usweb com> Subject: FW-1: Questions about DHCP and IPX Date: Tue, 15 Sep 1998 17:30:40 -0400 To: firewall-wizards () nfr net Cc: Jim Hebert <jhebert () usweb com> Hi, I have a customer who is considering Check Point Firewall-1 for a project. They have a LAN that they wish to segment from the rest of the internal network. Two requirements are that clients on the segmented LAN must be able to receive their IP addresses via DHCP and the second is that the clients on the segmented LAN must also be able to reach a server on the internal LAN via IPX. Will FW-1 allow DHCP through it and can IPX be tunneled through the firewall? I know that there are several other vendors that implement FW-1 in their products - would any of these be viable? If so, what other components would I need to purchase - i.e., Management Console since this is the first instance of Check Point in their network. Thanks in advance! Jim --- End of Original Message ----------------------------------------------------------------------------
Current thread:
- FW-1: Questions about DHCP and IPX Jim Hebert (Sep 15)
- Re: FW-1: Questions about DHCP and IPX Chris Brenton (Sep 17)
- Re: FW-1: Questions about DHCP and IPX Calvin Ng (Sep 17)
- <Possible follow-ups>
- Re: FW-1: Questions about DHCP and IPX Jason L. Snowden (Sep 22)
- Re: FW-1: Questions about DHCP and IPX Marcus J. Ranum (Sep 23)
- Re: FW-1: Questions about DHCP and IPX Henry Hertz Hobbit (Sep 24)
- Re: FW-1: Questions about DHCP and IPX Darren Reed (Sep 24)
- Re: FW-1: Questions about DHCP and IPX Joseph S. D. Yao (Sep 24)
- Re: FW-1: Questions about DHCP and IPX Adam Shostack (Sep 25)
- Re: FW-1: Questions about DHCP and IPX Marcus J. Ranum (Sep 23)
- Re: FW-1: Questions about DHCP and IPX Kevin Steves (Sep 29)
- Re: FW-1: Questions about DHCP and IPX Adam Shostack (Sep 29)
- Re: FW-1: Questions about DHCP and IPX Marcus J. Ranum (Sep 29)