My company is installing a firewall on our small network. I have the
following questions regarding firewall installation. Any help would be
appreciated.
Current setup: Network mask 255.255.255.0

IP Network       -------->  [Livingston Router]  -------->  Internet
AAA.BBB.CCC.005             AAA.BBB.CCC.001 (Class C)
AAA.BBB.CCC.006
AAA.BBB.CCC.007 etc.

We would like to put in the Checkpoint firewall before IP migration.
Can I set the IPs as follows?

IP Network       --->  [Checkpoint Firewall]  --->  [Livingston]     --->  Internet
AAA.BBB.CCC.005        <-- AAA.BBB.CCC.002          AAA.BBB.CCC.001
AAA.BBB.CCC.006            AAA.BBB.CCC.003 -->
AAA.BBB.CCC.007

A vendor said that we cannot do the above. We have to create two subnets
and renumber the network as follows:

Subnet mask: 255.255.255.128

IP Network       --->  [Checkpoint Firewall]  --->  [Livingston]     --->  Internet
AAA.BBB.CCC.130        <-- AAA.BBB.CCC.129          AAA.BBB.CCC.001
AAA.BBB.CCC.131            AAA.BBB.CCC.003 -->
AAA.BBB.CCC.132

Basically, we will lose half of our addresses to the untrusted side of the
network. My questions are:

1. Shouldn't the firewall act as a router?
   When packages pass through it, it would do its thing and then pass
   the packages on or reject them.
2. Why can't I set up the firewall without losing half of my addresses?
3. Should I be looking at the firewall as a replacement for the router in
   order to keep the network number scheme intact?

Thanks in advance for your input.
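
The vendor's two-subnet layout from the post above, worked through as an added example that is not part of the original post. 192.0.2.0/24 is a constructed stand-in for the masked AAA.BBB.CCC.0 network, the function names are hypothetical, and the firewall is assumed to forward as a router between its two interfaces.

```python
import ipaddress

# Constructed stand-in for the post's masked AAA.BBB.CCC.0/24 network.
SITE = ipaddress.ip_network("192.0.2.0/24")


def split_site(site, new_prefix=25):
    """Return (outside, inside): lower half faces the router, upper half the hosts."""
    outside, inside = site.subnets(new_prefix=new_prefix)
    return outside, inside


def distinct_subnets(ext_if, int_if, prefix_len):
    """True if the firewall's two interfaces sit in different subnets.

    Assumption: the firewall forwards as a router, so each interface
    needs its own subnet for next-hop decisions to be unambiguous.
    """
    ext_net = ipaddress.ip_interface(f"{ext_if}/{prefix_len}").network
    int_net = ipaddress.ip_interface(f"{int_if}/{prefix_len}").network
    return not ext_net.overlaps(int_net)


def hosts_to_renumber(hosts, inside):
    """Hosts whose current address is not in the inside (trusted) subnet."""
    return [h for h in hosts if ipaddress.ip_address(h) not in inside]


def usable_hosts(net):
    """Assignable addresses, excluding the network and broadcast addresses."""
    return net.num_addresses - 2


if __name__ == "__main__":
    outside, inside = split_site(SITE)
    print("outside:", outside, "inside:", inside)
    # Post's first plan: .2 and .3 on the firewall, mask 255.255.255.0
    print("flat /24 plan routable:", distinct_subnets("192.0.2.3", "192.0.2.2", 24))
    # Vendor's plan: .3 outside, .129 inside, mask 255.255.255.128
    print("vendor /25 plan routable:", distinct_subnets("192.0.2.3", "192.0.2.129", 25))
    print("renumber:", hosts_to_renumber(["192.0.2.5", "192.0.2.6", "192.0.2.7"], inside))
    print("usable inside addresses:", usable_hosts(inside))
```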