At 03:29 PM 6/25/97 -0400, you wrote:
>Does your router environment support host routes? BGP4?
Yes, I'm using Bay Routers and running OSPF. According to Chekpoint's
support provider, it should work but when I tried it doesn't work at all..I
can add the arp entry but not the route entry. It tells me, the network is
Russ, maybe you can hilite to me few things. Once I have define the
"fwxlconf" for the remote NT to have valid translated IP, then I should add
the arp entry rite ? Ok, once the arp entry is done, can I suppose I can
ping the valid IP, am I rite or I need the route to be there ??
Thanks for your help....
>From: ö PaLaN ö[SMTP:palan @
>Sent: Wednesday, June 25, 1997 12:21 PM
>To: firewalls @
>I have a quick question for those who implemented Firewall-1 by
>on a big/huge network. Well, here is the situation :
>O I have FW-1 ver 2.0 running on sparc 20 with two interfaces (valid-ip
>O My FW-1 is doing NAT for say class A network and located in HQ.
>O My HQ has 2MB pipe to ISP.
>O All the remote sites are connected to HQ via Frame Relay cloud.
>O All servers and PCs and other equipment excepts for FW-1 is running on
>O There is one NT server at each remote sites running SMTP connecting to
>O HQ NT has been used to deal direct to Internet for SMTP by running SRC
>DST NAT on FW-1.
>Ok, the above works fine, no problem. My objective now is to off-load
>NT. I don't want a centralized SMTP server, so I propose every remote NT
>deal with Internet directly for SMTP.
>To accomplish this I need to do SRC & DST NAT for all remote NT on my
>Can the FW-1 do SRC & DST NAT accros WAN for a specfic host ?? This is
>I need to know...if you have any suggestions pls advise me.
>Thanks for your advices....
>Network Sec²rity Engineer
>" Hey, here is my key ... lets exchange packets now !! "
Network Sec²rity Engineer
" Hey, here is my key ... lets exchange packets now !! "