Hi all,
Need some expert advice on the setting of FW-1 Policy and NAT. Currently we are trying to configure FW-1 for our network and are having some configuration problems. Any help would be very much appreciated.
The network configuration is as follows:-
Internal LAN
172.16.0.0                             202.A.A.2
172.16.C.D                      202.A.A.1            202.B.B.X   202.B.B.1
--------------< Wingate Proxy > ----------------< FW-1> ---------<Filter Router>-- Internet
              enable WWW proxy                     | DMZ
                                          202.A.C.1|
                                                   |
                                                   |
                                  202.A.C.Z < WWW server > 202.B.B.Z
202.B.0.0 is defined as external interface
202.A.A.0 and 202.A.C.0 are defined as internal interfaces
Access from internal network to WWW server is 202.A.C.Z
Access from external network to WWW server is 202.B.B.Z
Access from external network to 202.A.A.0 is prohibited
(1) How should I define my Security policy and Address translation definition?
(2) If I have a WWW server as a workstation object, what should be its address? 202.A.C.Z or 202.B.B.Z?
(2.1) What is the valid IP address then?
(3) If I enable icmp, will I be able to ping 202.B.B.Z from my external network and ping 202.A.C.Z from my internal network? How can I set the configuration?
(4) Is there any other security problem if I set up my security policy as below?
Source    Dest     Service   Action
Ext-Net   WWW-S    Http      Accept
Int-Net   Any      Http      Accept
Any       Any                Drop
(4.1) Ext-Net and Int-Net: should I define them as Network Objects?
(4.2) WWW-S: should I define it as a workstation? What is its address then, and what is the valid IP address?
(5) Do I need to set the routing table at NT level or a default gateway for each interface card?
Your assistance would be much appreciated. Thank you.