How about installing another interface on the box (hme or qfe card)
and ifconfig that second interface with another network. You can
stealth the firewall fairly well by not allowing ping, traceroute fw
control connections, etc.. in policy properties (rule 0), and
addressing them in the rulebase instead. I never configure servers
on the same network as the external interface of my firewalls...-BK
On 8 Jun 2000, at 16:44, Larry Haff wrote:
>
> Hi All,
>
> In trying to have a FW be as invisible as possible, I have often wondered if
> it would be desirable, or even possible, to hide the portion of a LAN that
> is not using NAT behind an IP address other than the one assigned to the
> external interface of the FW. Has anyone tried this? If yes, can you offer
> guidance?
>
> Larry Haff
> Network and Technical Administrator
> Institute of Computer Technology
> Email: [EMAIL PROTECTED]
>
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
