Message-ID: <ecdc49d6534dab8a@deliver.cichlid.com>
Lines: 72
Xdeliver: processed on Mon Feb 3 01:38:49 PST 1997
Xdeliver: SENDER fw-1-mailinglist-owner@us.checkpoint.com
Xdeliver: to
Xdeliver: cc
Xdeliver: apparent_to
Xdeliver: from "david.d.b.bolger@ .x400.entropy.ie"@entropy.entropy.ie
X400-Received: by mta EntropyMHS in /PRMD=Entropy/ADMD=ENT/C=ie; Relayed; 03 Feb 97 09:30:09 +0000
X400-Received: by /PRMD=Entropy/ADMD=ENT/C=ie; Relayed; 03 Feb 97 09:30:09 +0000
Date: 03 Feb 97 09:30:20 +0000
Delivery-Date: 03 Feb 97 09:30:20 +0000
Message-Type: Multiple Part
X400-Originator: "david.d.b.bolger@ .x400.entropy.ie"
X400-MTS-Identifier: [/PRMD=Entropy/ADMD=ENT/C=ie;ISOCOR-32eca775-entropymhs]
X400-Recipients: owner-fw-1-mailinglist@us.checkpoint.com
X400-Recipients: ToddK@competitive.com
X400-Recipients: fw-1-mailinglist@us.checkpoint.com
Original-Encoded-Information-Types: IA5-Text
X400-Content-Type: P2-1984
Message-ID: <ISOPRO::DH-EF::63C6::32F61E82*/G=david/I=db/S=bolger/CN=david/O=entropy/OU= /PRMD=entropy/ADMD=ent/C=ie@MHS>
Importance: normal
Subject: RE(2): [FW1] FW logswitch on Windows NT
Autoforwarded: FALSE
To: owner-fw-1-mailinglist@us.checkpoint.com (Non Receipt Notification Requested)
To: ToddK@competitive.com (Non Receipt Notification Requested)
CC: fw-1-mailinglist@us.checkpoint.com (Non Receipt Notification Requested)
In-Reply-To: <0131084029-Re: FW1 FW logswitch on Windows NT * @MHS>
Conversion: Allowed
Conversion-With-Loss: Allowed
Alternate-Recipient: Prohibited
Content-Identifier: RE(2): ?FW1? FW
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7Bit
Sender: owner-fw-1-mailinglist@us.checkpoint.com
If you disable IP forwarding in NT, then if you wish to use it as a firewall, the packets destined for the other side will not even try to get to the firewall level.
You need to have IP forwarding on, and then let FW-1 control it or not.
===============================
David Bolger - Technical Engineer
Entropy Ltd.
Unit 25
Sandyford Office Park
Dublin 18
Ireland
Tel: ++353-1-2940199
Fax: ++353-1-2940121
email: David.Bolger@entropy.ie
===============================
---- owner-fw-1-mailinglist(a)us.checkpoint.com's Message ----
> The default for Firewall-1 is to 'control IP forwarding' which means
> that although the NT IP forwarding is enabled packets WILL NOT be
> forwarded unless Firewall-1 permits. I believe this is true even when
> the Firewall-1 service is stopped due to the device driver changes to
> the IP stack made by Checkpoint.
>
> Can anyone confirm this last point for me?
>
The last point is true. However, it is better to disable ip forwarding
capability of NT (I'm quite dark in NT) so that the host would not be
able to forward ip even when FW-1 was unloaded from system.
Nobuhiko Yoshimoto
Nihon Keizai Shimbun Inc.
yoshi@nikkei.co.jp
phone:813-5690-0256
fax:813-5690-0250