Firewall Wizards mailing list archives

Does Checkpoint prevent 2 gateways routing?


From: "Jack" <jackwhite () lycosasia com>
Date: Fri, 8 Jun 2001 10:30:10 +0800

Dear All,

I have a requirement to enable my NT server to be able to route through 2 gateways. 

Here is what my setup looks like.
There are 3 segments connected to the Checkpoint Firewall. I have set up a Win98 on the Trusted segment (10.1.1.0) and a WinNT4.0 on the DMZ segment (10.2.2.0). I have also configured the firewall to allow traffic both ways, to and fro, between the trusted and DMZ segments. I could see traffic going through in the firewall logs when I ping from client to server and server to client.

Scenario 1
--------------
WinNT Server IP: 10.2.2.10
Gateway: 10.2.2.1

Win98 Client IP: 10.1.1.100
Gateway: 10.1.1.1

Trusted Segment of FW: 10.1.1.1
DMZ Segment of FW: 10.2.2.1

ping from 10.2.2.10 to 10.1.1.100 ----> no problem
ping from 10.1.1.100 to 10.2.2.10  ----> no problem

Scenario 2
-------------
WinNT Server IP: 10.2.2.10
Gateway: 10.2.2.200

Win98 Client IP: 10.1.1.100
Gateway: 10.1.1.1

Trusted Segment of FW: 10.1.1.1
DMZ Segment of FW: 10.2.2.1

ping from 10.2.2.10 to 10.1.1.100 ----> request timeout
ping from 10.1.1.100 to 10.2.2.10  ----> request timeout

Scenario 3
-------------
WinNT Server IP: 10.2.2.10
Gateway: 10.2.2.200

Win98 Client IP: 10.1.1.100
Gateway: 10.1.1.1

Trusted Segment of FW: 10.1.1.1
DMZ Segment of FW: 10.2.2.1

route add 10.1.1.0 mask 255.255.255.0 10.2.2.1

ping from 10.2.2.10 to 10.1.1.100 ----> no problem
ping from 10.1.1.100 to 10.2.2.10  ----> request timeout

tracert from 10.1.1.100 to 10.2.2.10 ----> 
        6ms     <10ms   <10ms   10.1.1.1
        *       *       *       request timeout
        *       *       *       request timeout

tracert from 10.2.2.10 to 10.1.1.100 ---->      
        <10ms   <10ms   <10ms   10.1.2.1
        <10ms   <10ms   <10ms   WinNT4.0 [10.1.1.100]



I went through the same setup with another firewall (different model) and had no problem doing a PING from client to server and server to client when I changed the gateway from 10.2.2.1 to 10.2.2.200.

Is there something which I need to enable or disable on the Checkpoint Firewall? Could anyone please help?

Best Regards,
Jack
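
Added example (not part of Jack's post): a Python sketch of the longest-prefix-match lookup the NT server performs in each scenario, showing which gateway it hands traffic for 10.1.1.100 to. The helper names and the simplified route table (connected subnet, default route, optional static route) are assumptions, and the firewall's rule base is not modelled.

```python
import ipaddress

CLIENT = "10.1.1.100"        # Win98 client on the trusted segment (from the post)
FIREWALL_DMZ = "10.2.2.1"    # firewall's DMZ interface (from the post)


def server_routes(default_gw, static=()):
    """Build a simplified route table for the NT server at 10.2.2.10.

    Hypothetical helper: connected DMZ subnet, a default route, and any
    static routes given as (network/mask, gateway) pairs.
    """
    routes = [
        (ipaddress.ip_network("10.2.2.0/24"), "on-link"),
        (ipaddress.ip_network("0.0.0.0/0"), default_gw),
    ]
    routes += [(ipaddress.ip_network(net), gw) for net, gw in static]
    return routes


def next_hop(routes, dest):
    """Return the gateway of the most specific route matching dest."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, gw) for net, gw in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)[1]


# The three configurations described in the post.
SCENARIOS = {
    1: server_routes("10.2.2.1"),
    2: server_routes("10.2.2.200"),
    # Scenario 3 adds: route add 10.1.1.0 mask 255.255.255.0 10.2.2.1
    3: server_routes("10.2.2.200", [("10.1.1.0/255.255.255.0", "10.2.2.1")]),
}


def report():
    """Map scenario number -> gateway the server uses to reach the client."""
    return {n: next_hop(routes, CLIENT) for n, routes in SCENARIOS.items()}


if __name__ == "__main__":
    for n, gw in report().items():
        via_fw = "via firewall" if gw == FIREWALL_DMZ else "bypasses firewall"
        print(f"Scenario {n}: 10.2.2.10 -> {CLIENT} next hop {gw} ({via_fw})")
```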
