RE: Firewall-1 NT version question

Mon, 3 Jan 2000 10:43:11 -0800 



> -----Original Message-----
> From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
> Sent: Sunday, January 02, 2000 9:25 PM
> To:   [EMAIL PROTECTED]
> Subject:      Firewall-1 NT version question
> 
>  
> -----Original Message-----
> ������: Zhang < [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>
> �ռ���: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> <
> [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>
> ����: 2000��1��3�� 10:47
> ����: Firewall-1 NT version question
> 
> 
> Dear sir,
> 
>     Can you help me?
> 
>     I meet some question when I use Firewall-1.
>     The Environment is:
>     HP Server PIII500, 128M Memory
>     Windows NT4.0, Package 5
>     3 NIC: 2 Intel NIC, 1 HP NIC
>     FireWall-14.0(250 Users)
> 
> 
>     I have define some rules and NAT to protect my localnet. I have one
> valid IP address for my Gateway's external NIC, one valid IP address for
> my
> DMZ(just web server), and Using NAT(hide mode) to convert internal
> localnet
> invalid IP addresses to Gateway's Valid IP address.
> I allowed localnet to access Internet from Firewall.
> 
>     But there are some problem I met:
>     1. I could connect to the internet from any of my localnet when I
> power
> on it. But when I used it sometimes, such as connecting 10~20 website. The
> connection stopped. But When I repower on it. It work again. And running
> sometime, it stop again. Why?
        [Einhorn, Drew]  
        On Unix boxes this would most likely be a routing problem handled by
the OS running beneath
        FW-1.  This would be the first thing I'd check on an NT box.  The
routes are probably set right
        at boot time, but are getting clobbered when the box hears routing
protocol messages from 
        one of your routers, but is not configured to handle them properly.


        The FW-1 installation instructions tell you to get the routing
configured correctly before trying
        to install and configure the firewall software.  This makes sense
for a fresh install.  But if you
        are doing an upgrade, it means leaving your entire network wide open
during the upgrade process
        which can be a kind of scary.

>     2. Can I using command "ping" in my localnet?
        [Einhorn, Drew]  
        Depends on whether your configuration permits or denys it.
        Don't forget the infamous Rule Zero that is generated from your
property sheet entries
>     best regards
>     Tom Zhang
> 
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to