Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > NFR Wizards> 1998

NFR Wizards Archive: Re: FW-1: Questions about DHCP and IPX

Re: FW-1: Questions about DHCP and IPX

Chris Brenton (cbrentonsover.net)
Tue, 15 Sep 1998 23:43:08 -0400

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: Christopher Nicholls: "Re: NetMeeting security solution?"
Previous message: Magosanyi Arpad: "Netperm-proxy questiom"
Next in thread: Calvin Ng: "Re: FW-1: Questions about DHCP and IPX"

Jim Hebert wrote:

> I have a customer who is considering Check Point Firewall-1 for a
> project. They have a LAN that they wish to segment from the rest of
> the internal network. Two requirements are that clients on the
> segmented LAN must be able to receive their IP addresses via DHCP and
> the second is that the clients on the segmented LAN must also be able
> to reach a server on the internal LAN via IPX. Will FW-1 allow DHCP
> through it and can IPX be tunneled through the firewall? I know that
> there are several other vendors that implement FW-1 in their products
> - would any of these be viable? If so, what other components would I
> need to purchase - i.e., Management Console since this is the first
> instance of Check Point in their network. Thanks in advance!

First, lose the HTML as it makes it far tougher to read for those of us
who may be able to help you out. ;)

First the DHCP issue. Did you want to use the firewall as a DHCP server
or simply a helper? You can configure FW-1 to deal with this (assuming
the OS supports it). You just have to configure your filter rules to
accept traffic from 255.255.255.255 to the firewall.

As for the IPX issue, FW-1 is IP only, so the firewall will not even
look at IPX. If you go with a platform that is capable of routing IPX
and you do not need to do any IPX filtering, then this would be the best
way to go. You can create an IP tunnel to get over the firewall, but
these are highly inefficient as you are packaging two extra headers per
packet. This will reduce your throughput.

What are your security requirements? It sounds like (IMO) what you
really need is a Cisco router. This takes care of your DHCP issue (if
you need to pass through) as well as your IPX issue. In fact, you can
even filter IPX with the device. If you go with the feature pack, you
can even do dynamic IP packet filtering which puts you in the same
security range as FW-1 at about 1/4 the price.

Hope this helps,
Chris

-- ************************************** cbrenton

sover.net

* Multiprotocol Network Design & Troubleshooting http://www.amazon.com/exec/obidos/ISBN=0782120822/0740-8883012-887529 * Mastering Network Security http://www.amazon.com/exec/obidos/ISBN%3D0782123430/002-0346046-8151850

Next message: Christopher Nicholls: "Re: NetMeeting security solution?"
Previous message: Magosanyi Arpad: "Netperm-proxy questiom"
Next in thread: Calvin Ng: "Re: FW-1: Questions about DHCP and IPX"

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:11:46 CDT