How the rules on the firewall get written depends completely on the
protocol(s) being used. If you are using TCP or UDP then a single rule for
the outbound or inbound traffic would be enough. If you are doing other
protocols like protocol 50 (IPSec) for VPN then you must have rules for both
directions.
Jim Wentzel
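
The distinction drawn in the reply above, as an added example that is not part of the original thread and not FireWall-1 code: a toy rule base with a connection table, assuming (as the reply describes) that only TCP and UDP get state entries. Zone names follow the thread; `Firewall`, `Rule`, `Packet` and the port numbers are constructed for illustration.

```python
from collections import namedtuple

# Toy model only: zones stand in for addresses, "any" is a wildcard.
Packet = namedtuple("Packet", "src dst proto sport dport")
Rule = namedtuple("Rule", "src dst proto dport")
TRACKED = {"tcp", "udp"}  # assumption: only these protocols get state entries
SAMPLE_PORT = 1755        # constructed sample service port

class Firewall:
    def __init__(self, rules):
        self.rules = list(rules)
        self.state = set()  # connections opened by an accepted packet

    def _rule_match(self, p):
        return any(
            r.src in ("any", p.src) and r.dst in ("any", p.dst)
            and r.proto == p.proto and r.dport in ("any", p.dport)
            for r in self.rules
        )

    def accept(self, p):
        reverse = (p.dst, p.dport, p.src, p.sport, p.proto)
        if p.proto in TRACKED and reverse in self.state:
            return True  # reply to a connection the rule base already allowed
        if self._rule_match(p):
            if p.proto in TRACKED:
                self.state.add((p.src, p.sport, p.dst, p.dport, p.proto))
            return True
        return False  # implicit drop

def demo():
    # One outbound rule per protocol; "50" is the IP protocol number from the reply.
    fw = Firewall([Rule("internal", "any", "tcp", SAMPLE_PORT),
                   Rule("internal", "any", "50", "any")])
    r = {}
    r["tcp_out"] = fw.accept(Packet("internal", "internet", "tcp", 40000, SAMPLE_PORT))
    r["tcp_reply"] = fw.accept(Packet("internet", "internal", "tcp", SAMPLE_PORT, 40000))
    r["tcp_unsolicited"] = fw.accept(Packet("internet", "internal", "tcp", SAMPLE_PORT, 40001))
    r["p50_out"] = fw.accept(Packet("internal", "internet", "50", None, None))
    r["p50_reply"] = fw.accept(Packet("internet", "internal", "50", None, None))
    # Untracked protocol: the return direction needs its own rule.
    fw.rules.append(Rule("internet", "internal", "50", "any"))
    r["p50_reply_with_rule"] = fw.accept(Packet("internet", "internal", "50", None, None))
    return r

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:22} {'accept' if allowed else 'drop'}")
```
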
----- Original Message -----
From: "Lee (lunchbox) Hughes" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, August 14, 2000 8:24 AM
Subject: [FW1] Question on Rules..
>
> Okay, so I've been playing with firewall one this week,
> got the rules sorted out, but what I can't understand is,
> if I define a rule like this
>
> internal Netshow any - let netshow streaming protocol out
>
> then the only way I can get it to work is if I add
> another rule which says
>
> internet netshow firewall - which lets netshow back to the firewall
> (I am using NAT on the internet interface).
>
> then it works fine, do you always have to add two rules to
> get one protocol working, I would have thought that allowing netshow,
> would automatically make the firewall open up incoming ports
> too, unless I am really really wrong on this, anyone care to correct me?
> Perhaps this is what you have to do with rules that are using NAT,
> rather than just plain IP routing!
> Cheers,
> Lee
>
> p.s. how do I define the outside world, i.e. not dmz, not internal,
> just 'the rest' of the internet on the external interface, or is
> this covered by the 'any' object?
>
> p.p.s. I'm getting to like firewall 1 ;-).
>
> -----Original Message-----
> From: Rusdyanto Tardjono [mailto:[EMAIL PROTECTED]]
> Sent: 14 August 2000 08:45
> To: [EMAIL PROTECTED]
> Subject: [FW1] DMZ can't access to internet
>
>
>
> Dear Guru,
>
> I am in the process of Checkpoint pre-installation. As the requirement says,
> I must make sure that the routing works before installing the software.
> My configuration:
>
> From router goes into one NIC of FW-1 (202.xxx.xxx.xxx) and another NIC from
> FW-1 goes into a hub which connects to DMZ Servers.
> I can ping to internet from FW-1 machine but from a server in DMZ area can
> only ping to the FW-1, not even ping to the router and internet.
> Can someone please help me? Your advice is very much appreciated.
> Thank you.
>
> Regards,
> Rusdy
>
>
>
>
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================