FW-1 won't pick up the virtual interfaces by default. But you can add them
to the interfaces tab in FW-1 easily enough. The trick is you cannot use
the colon ( : ) as the delimiter for the aliases. Change it to an
underscore or hyphen ( _ or - ) and it will work fine. The INSPECT language
uses colons as a special character I believe, so you can't have 'em in
names for anything.
You can also send an e-mail to [EMAIL PROTECTED] if you have further
questions.
----------------------------------------------------------------
Mark Boltz Stonesoft Inc.
Network Security Specialist 115 Perimeter Center Place
[EMAIL PROTECTED] South Terraces, Suite 1000
Tel: +1 770 668 1125 Atlanta, GA 30346
Cel: +1 404 386 8500 USA
Fax: +1 770 668 1131 http://www.stonesoft.com
Support: 1-866-435-7324 (US Toll Free)
Support: 1-678-259-3400
Patrick Desnoyers
<[EMAIL PROTECTED]> To:
"'[EMAIL PROTECTED]'"
Sent by:
<[EMAIL PROTECTED]>,
[EMAIL PROTECTED]
"'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
kpoint.com cc:
Subject: [FW1]
Stonebeat -- Virtual interfaces
04/02/2001 02:51 PM
Setup: Solaris 2.7, fw-1 41. sp3 Stonebeat 2.0a sp2
Stonebeat manual says "define your virtual interfaces" and shows an example
where qfe0:1 is defined in the interface tab on a firewall object. BUT fw-1
manual says that virtual if cannot be seen by fw-1. (does not bind to them)
and anyway the policy wont compile with my qfe0:1 defined.(syntax error in
the pf file cause by the ':' I think)
So, my questions is simple, what do I really need to do to get Stonebeat to
work with FW-1 ???
--Do I need to fully configure FW-1 HA before installing SB ?
Can someone supply me with a VALID diagram using 2 operative if, 1 control
if using multicast ? please !! ;-)
Thanks
**************************************************************
Patrick Desnoyers
Administrateur de Securite des reseaux
Network security administrator
**************************************************************
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================