Great Circle Associates Firewalls
(June 1997)
 


Subject: Re[2]: DHCP and Firewall 1
From: "dennis keller" <dennis_keller @ smtp . ddre . dla . mil>
Date: Tue, 10 Jun 97 12:43:54 est
To: geoffb @ NOJUNKunixpac . com . au, Mike Jones <mike . jones @ unifiedtech . com>
Cc: firewalls @ greatcircle . com

     On the DHCP debate.  We are going to use Cisco's DNS/DHCP Manager.  
     It's true that you can set up IP addresses to be assigned for a long 
     time, 6 months to a year using Cisco's product.  But you also use 
     static IP addresses for your servers.  FireWall-1 can handle DHCP 
     using address translation.  I'm surprised that someone from Checkpoint 
     hasn't entered the debate.  I asked the same question a few months ago 
     and was assured by Checkpoint that FireWall-1 v3.0 can handle DHCP.
     
     Dennis Keller
     Computer Specialist
     DLA, Admin Support Center East
     New Cumberland, PA
     email: dkeller @ ddre . dla . mil


______________________________ Reply Separator _________________________________
Subject: Re: DHCP and Firewall 1
Author:  Mike Jones <mike . jones @ unifiedtech . com> at internet01
Date:    6/10/97 10:45 AM


     
Geoff Breach wrote:
> On Mon,  9 Jun 97 16:44:44 -0400, donaldb @ ncmi-ny . com (Donald Branch)
> wrote:
> >I have a Windows NT machine running DHCP. I want to be able from
> >that one machine to be able to get out to AOL, but since its IP
> >address keeps changing I can't make a rule based on his IP address.
> Only one way. Keep its IP address from changing. If you configure
> your DHCP server to always hand out the same address to that
> machine's MAC address, you get a middle ground between the benefits 
> of DHCP and the benefits of fixed addressing.
     
Not so. You can use user authentication on the outbound FTP 
session.
     
>  Yeah, there are other ways, authenticate, etc, but too much 
> trouble IMHO.
     
Too much trouble? For a single user? If it were for 50 users, 
then yeah, but for one it's no biggie.
     
As far as that goes, if you are using a reasonably large (say, 
a month or more) lease time on your DHCP server the IP address 
of the machine you're working on will never change unless you 
go off the network (e.g., don't turn the machine on) for over 
a month. So the idea of doing it by IP address isn't completely 
out of the question. DHCP doesn't have to be minute-by-minute 
dynamic in most environments to be useful.
     
--
 Mike Jones
 Sr. Technology Advisor
 UNIFIED Technologies
     

