>From previous experience I have often seen that you can still ping the 
>gateway, but not the clients.  If this is the case, then simply add 2 filters 
>that deny "any" all to directly access the gateways:

 

PRO 1 - 10.79.0.1

PRO 2 - 10.79.12.1



Thanks,

 

Danny



        -----Original Message----- 

        From: Chris Green [mailto:[EMAIL PROTECTED] 

        Sent: Wed 3/16/2005 9:43 AM 

        To: 'David Brooks'; [email protected] 

        Cc: 

        Subject: RE: [gb-users] Dual Protected Networks

        

        



        PRO 1 - 10.79.0.0/21

        PRO 2 - 10.79.12.0/24

        

        I created an outbound filter as the first on the list as follows:

        

        Deny warning "PROTECTED" ALL nolog coalesce(all) from Protected Networks to Unix.LAN

        

        "Protected Networks" contains the PRO 1 range, "Unix.LAN" contains PRO 2

        range.  The "PROTECTED" Interface label refers to PRO 1 since this

        originally only had a PRO and EXT. 

        

        I can still ping the PRO 2 interface from the PRO 1 network.

        

        Any ideas?

        

        Chris Green

        

        

        -----Original Message-----

        From: David Brooks [mailto:[EMAIL PROTECTED]

        Sent: Wednesday, March 16, 2005 10:48 AM

        To: [email protected]

        Subject: Re: [gb-users] Dual Protected Networks

        

        Chris,

        

        Quick answer -

        

        Networks of type protected are considered peers.  And by default are NAT'ed
        between each other and have access to each other.  You can place an
        outbound filter to deny access to each other network on their respective
        Interfaces.  This will stop them from accessing each other.

        

        You would only use Pass Through Filters if you had removed NAT (IP Pass
        Through) between both protected networks.

        

        PSN are a different case.  They are not peers and are external to protected
        network.

        

        David

        

        

        At 11:17 AM 3/16/2005, Chris Green wrote:

        >I have a situation where I have set up two protected networks.  I was under
        >the impression that these networks would be isolated from each other, but it
        >appears the firewall is routing between them.  I tried setting up
        >pass-through filters denying the traffic, but the result is the same.  How
        >can I have a single GB-750 firewall serve two isolated networks with a
        >shared internet connection without allowing access across them?

        >

        >Chris Green

        

        ------------------------------------------------------

        To unsubscribe:           [EMAIL PROTECTED]

        For additional commands:         [EMAIL PROTECTED]

        Archive:  http://archives.gnatbox.com/gb-users/

        

        
