If you are thinking of doing this you should look at the Nokia platform. Theoretically a UNIX system should be able to do this with gated, but we have had problems getting this to run on 64 bit Kernels of Solaris 2.7 boxes. If it is at all possible you should avoid doing this. It is not considered good practice to have something automatically updating the routing of your firewall. If you are putting them somewhere where you need to put OSPF on them the chances are you may not need a statefull inspection firewall there and a natural firewall, using acls and route maps may be sufficient. But for certain situations it may be unavoidable or necessary at least in the short term. I would only do it if both sides of the Firewall are administratively controlled by trusted parties. And use MD5 authentication. Also, limit your ospf-sources to only the routers you are neighboring with. At 04:37 PM 3/6/01 +0000, R M wrote: >All > >Can CheckPoint FireWall-1 on UNIX/NT platforms participate within an OSPF >environment and if so would it be recommended? > >Thanks in advance > > >_________________________________________________________________________ >Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. > > > >================================================================================ > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html >================================================================================ MikeCC http://atrek.org/mikecc ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
