NFR Wizards Archive: Re: FW-1: Questions about DHCP and IPX

Re: FW-1: Questions about DHCP and IPX


Calvin Ng (CalvinNGBrel.com)
Wed, 16 Sep 1998 10:53:12 +0800


Greetings,

  I was recently in an unfortunate position to install a
  FW-1 in a very flat intranet (MS-dominant). So, of course
  I have to segment out the servers and put them behind the
  firewall.

  The unfortunate thing is it breaks the NT domain setup.
  The servers behind the firewall cannot locate the domain
  controller. BTW, it's still broken, so if someone has
  know-how, do contact me off-line.

  Anyway, so I read up quite a bit on cross-domain stuff
  at the Microsoft web site.

  Okay, okay, here comes the relevant part.
  For DHCP across subnet, you need to have a router/gateway,
  (in this case FW-1), that is capable of being a BOOTP relay.
  In other words, you probably need to install some software
  on the firewall to do just that. This information is found
  from the Microsoft Support Online at
        http://support.microsoft.com/support

  I think just FW-1 itself will not do it. I still don't know
  how to let broadcasts get across subnets yet. Maybe someone
  can show me.

  I don't know much about IPX, but I read the manual, and it says
  that FW-1 <quote> "completely ignores other IP level protocols,
  such as IPX and DECNET, which are processed by a different
  protocol stack."

  If you need to get the IPX packets through, you either need to
  install an IPX protocol stack on the firewall machine, which
  will then let the IPX packets through without inspection, or
  use IP-tunnelling for the IPX packets. Choosing IP-tunnelling
  will probably require a bit of change on your servers and clients.

  Err, hope I have been of help.

/calvin

----------------------------------------------------------------------------

From: Jim Hebert <jhebertusweb.com>
Subject: FW-1: Questions about DHCP and IPX
Date: Tue, 15 Sep 1998 17:30:40 -0400
To: firewall-wizardsnfr.net
Cc: Jim Hebert <jhebertusweb.com>

Hi,

I have a customer who is considering Check Point Firewall-1 for a
project. They have a LAN that they wish to segment from the rest of
the internal network. Two requirements are that clients on the
segmented LAN must be able to receive their IP addresses via DHCP and
the second is that the clients on the segmented LAN must also be able
to reach a server on the internal LAN via IPX. Will FW-1 allow DHCP
through it and can IPX be tunneled through the firewall? I know that
there are several other vendors that implement FW-1 in their
products - would any of these be viable? If so, what other components
would I need to purchase - i.e., Management Console since this is the
first instance of Check Point in their network. Thanks in advance!

Jim

--- End of Original Message

----------------------------------------------------------------------------
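
The BOOTP relay step mentioned in the reply above, as an added example that is not part of the original messages: a relay agent following RFC 1542 takes the client's broadcast request, stamps its own interface address into giaddr, increments hops, and sends the result to the DHCP server as unicast UDP port 67, which is the traffic a firewall between relay and server has to permit. The function names, addresses and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

BOOTREQUEST = 1
MAX_HOPS = 16           # RFC 1542: discard requests whose hops field exceeds 16
GIADDR = slice(24, 28)  # offset of the relay agent address in the BOOTP header
ZERO = b"\0" * 4

def build_discover(xid, mac):
    """Constructed sample: the fixed 236-byte BOOTP header a client broadcasts."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s",
                      BOOTREQUEST, 1, 6, 0,    # op, htype=Ethernet, hlen, hops
                      xid, 0, 0x8000,          # xid, secs, flags (broadcast bit)
                      ZERO, ZERO, ZERO, ZERO)  # ciaddr, yiaddr, siaddr, giaddr
    return hdr + mac.ljust(16, b"\0") + b"\0" * 64 + b"\0" * 128

def giaddr(packet):
    """Relay agent address of a BOOTP packet as dotted-quad text."""
    return str(ipaddress.IPv4Address(bytes(packet[GIADDR])))

def relay_request(packet, ingress_ip, server_ip):
    """Return ((server_ip, 67), packet) to send as unicast, or None to drop."""
    if len(packet) < 236 or packet[0] != BOOTREQUEST:
        return None                       # only client requests are relayed here
    if packet[3] > MAX_HOPS:
        return None                       # loop protection
    out = bytearray(packet)
    out[3] = packet[3] + 1                # count this relay hop
    if out[GIADDR] == ZERO:               # first relay stamps the client's subnet
        out[GIADDR] = ipaddress.IPv4Address(ingress_ip).packed
    return (server_ip, 67), bytes(out)

if __name__ == "__main__":
    # Constructed addresses: 10.0.2.1 = relay interface on the client LAN,
    # 10.0.1.5 = DHCP server on the other side of the firewall.
    pkt = build_discover(0x1234ABCD, bytes.fromhex("020000aabbcc"))
    dest, fwd = relay_request(pkt, "10.0.2.1", "10.0.1.5")
    print(dest, "giaddr =", giaddr(fwd), "hops =", fwd[3])
```

The server uses giaddr to pick the address pool for the client's subnet and sends its reply back to that address, so the relay, not the client, is the peer the server talks to.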



This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:11:46 CDT