RE: [FW1] Multiple Protocols - TCP/IP & NETBEUI

[Brendan McCauley]

IMHO...   1. On the database server install TCP/IP and NetBEUI.   On the Database, I would install one protocol only.  Because all of your clients will already have one of them and you want to reduce the number of protocols on a server (any device really) to the bare necessity.   2. Install NetBEUI on all the 150 Computers to share resources among all   I would use IPX vice NetBEUI because it doesn't require any special bridging.  Lets say you have remote branches on frame-relay all you need is the IP/IPX package for the routers (at least with Cisco), and IPX still gets shunted at the firewall as long as the firewall machine doesn't have IPX installed.  You'll also see less load on your backbone switches (or hubs) because IPX isn't as chatty as NetBEUI.   4. If we do the way we have mentioned above , is the entire network is secure ?   As secure as any other network running FW-1.   3.By doing this can we avoid buying more license from checkpoint for the computers which doesnot need internet access.   You still need to purchase the license for the full number of PCs _behind_ the firewall to be legal.  (The last time I checked) the license was for every device that gets protection from the fw (vice those that just surf across it) regardless of protocols installed, etc, etc.  In other words, lets say you have 150 network printers and  1 PC then you still need coverage for at least 151 (maybe 152 because of the firewall itself) devices because they are all protected by the Checkpoint product.  Now in your case the only issue you'll have is that annoying error in the event logs (with NT at least) that tells you that you only have licenses for 100 devices (other than being caught without proper licensing).   5.or else is it better to buy 150 licenses and use TCP/IP ?   Yes, spend the money and restrict them in groups through policies, etc.  You'll have an all around happier network that way.   And the goal _IS_ to have a safer, happier network, right?