Can your OS support it? Generally yes, but specifics depend on your OS. Looks like you might be talking about Solaris, in which case yes, but you probably already knew that. Can FW-1 support it? Yes, but you have to be careful about defining your anti-spoofing. Create a group containing all of the subnets that you want to allow on the physical interface (ie the primary subnet plus all subnets off of sub-interfaces), then define anti-spoofing for that physical interface using "Others" and specifying the group you created. Always name the interfaces in the firewall object to exactly match the physical interface names as reported by the OS. Do not create interfaces on the firewall object for the virtual interface. Do not rename the interfaces in the firewall object. Saves you headaches later. See the FW-1 documentation, FAQ titled "Do Aliased (or Virutal) Interfaces Pose a Security Risk?". In v4.0, this is on page AA-350. For other versions, look up 'virtual interfaces' in the index. Greg S. -----Original Message----- From: Rick Francis [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 12, 2000 10:09 PM To: [EMAIL PROTECTED] Subject: [FW1] logical interfaces can one fast ethernet support multiple logical interfaces each with on the same subnet? hme0, 199.123.84.1 hme0:2, 199.123.84.2 hme0:3, 199.123.84.3 hme0:4, 199.123.84.4 ??rf ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
