Actually, you have to check Enable IP Forwarding within NT.  Once you do that,
the FW box will route all interfaces to everywhere & you should be able to ping
anything from anywhere.  That is a more accurate test, I think.

Once you have FW installed, make sure you have Control IP Forwarding enabled.
This will tell FW to control what packets are forwarded between interfaces based
on your rules & policies.  If FW is unloaded/crashes, it will disable IP routing
on your NT box, thereby preventing open connectivity into your company.







"Barry W. Kokotailo" <[EMAIL PROTECTED]> on 08/16/2000 01:24:10 PM

Please respond to [EMAIL PROTECTED]

To:   [EMAIL PROTECTED]
cc:   [EMAIL PROTECTED] (bcc: Davinder Rodey/DKBDS
      USA/DKB)

Subject:  Re: [FW1] DMZ can't access to internet



The procedure is correct. If you sit on the firewall and ping the Internet, the
machines on the dmz, and the machines on the internal
side and they respond, then routing is working on the firewall.

From the dmz's, you should be able to ping the dmz interface.

From the Internet, you should be able to ping the external interface of the
firewall.

From the internal networks, you should be able to ping the internal nic card on
the firewall.

From the dmz, the internal networks, and the Internet, these are the only
interfaces that you should be able to ping.

Why?

Because the default entries should be to NOT forward traffic from any segment
to any other segment. It is the job of
the firewall to determine whether or not to forward a packet.

merlin


Rusdyanto Tardjono wrote:

> Dear Guru,
>
> I am in the process of Checkpoint pre-installation. As the requirement says,
> I must make sure that the routing works before installing the software.
> My configuration:
>
> From router goes into one NIC of FW-1 (202.xxx.xxx.xxx) and another NIC from
> FW-1 goes into a hub which connects to DMZ Servers.
> I can ping to internet from FW-1 machine but from a server in DMZ area can
> only ping to the FW-1, not even ping to the router and internet.
> Can someone please help me? Your advice is very much appreciated.
> Thank you.
>
> Regards,
> Rusdy
>
>
================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>               http://www.checkpoint.com/services/mailing.html
>
================================================================================

--
Barry W. Kokotailo
Senior Unix Systems Administrator
1-780-675-6399
PGP =  71 71 96 A3 C0 C2 23 7A  23 4E D4 04 8C E0 42 6B  B0 2D D1 A5
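
The ping test discussed in this thread, as an added example that is not part of the original messages: a Python sketch that classifies a set of ping observations as forwarding on, forwarding off, or a local link problem. The segment names, the `Ping` tuple and the sample observations are constructed for illustration.

```python
from collections import namedtuple

# One observation: source segment ("firewall" = run on the firewall itself),
# segment the target sits on, whether the target is the firewall's own
# interface on that segment, and whether a reply came back.
Ping = namedtuple("Ping", "src dst_segment dst_is_fw_iface replied")

def classify(pings):
    """Return (state, problems) for a list of Ping observations."""
    problems = []
    for p in pings:
        # The firewall must reach every segment with its own routes.
        if p.src == "firewall" and not p.replied:
            problems.append(f"firewall cannot reach {p.dst_segment}")
        # Each segment must reach the firewall interface on its own wire.
        if p.dst_is_fw_iface and p.src == p.dst_segment and not p.replied:
            problems.append(f"{p.src} cannot reach its firewall interface")
    if problems:
        return "local-link-failure", problems
    # Only host-to-host traffic that has to cross the firewall says anything
    # about forwarding; pings to the firewall's own interfaces do not.
    crossing = [p for p in pings
                if p.src not in ("firewall", p.dst_segment)
                and not p.dst_is_fw_iface]
    if not crossing:
        return "no-cross-segment-data", problems
    failed = [p for p in crossing if not p.replied]
    if not failed:
        return "forwarding-on", problems
    problems = [f"{p.src} -> {p.dst_segment}: no reply" for p in failed]
    state = "forwarding-off" if len(failed) == len(crossing) else "partial"
    return state, problems

# Constructed observations matching the symptom in the original question:
# the firewall reaches the Internet, the DMZ server reaches the firewall,
# but the DMZ server gets no reply from anything beyond it.
SYMPTOM = [
    Ping("firewall", "external", False, True),
    Ping("dmz", "dmz", True, True),
    Ping("dmz", "external", False, False),
]
# The same test after IP forwarding is enabled on the host (constructed).
AFTER = SYMPTOM[:2] + [Ping("dmz", "external", False, True)]

if __name__ == "__main__":
    print(classify(SYMPTOM))
    print(classify(AFTER))
```

From these pings alone, a "forwarding-off" result looks the same as a missing default gateway on the DMZ host or a missing return route on the router, so check those as well.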


