Linux (Redhat) = IP Forwarding is turned off by default.
Windows 2000 = IP Forwarding is turned off by default.
Solaris = No Sure, but I believe it is turned on by default.
IP forwarding is disabled when ever CP does not have a valid policy
installed unless you manually change the IP forwarding state, or when
the policy is uninstalled (i.e. During a reboot, During the firewall
daemon restart).
Chris Burton
Network Engineer
Walt Disney Internet Group: Network Services
-----Original Message-----
From: Marques, Ricardo [mailto:ricardo.marques AT PT.UNISYS DOT COM]
Sent: Monday, June 02, 2003 10:01 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Enable/Disable IP forwarding/routing
You can try to put a firewall to work without routing activated (i think
it
doesnt work)
In Windows 2000 you have to activate IP forwarding (routing) and be
carefull
with routing tables. I think this is true to all OS, but you can try it.
Ricardo Marques
-----Original Message-----
From: Olaf Lange [mailto:Olaf.Lange AT METAGEN DOT DE]
Sent: segunda-feira, 2 de Junho de 2003 16:52
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] Enable/Disable IP forwarding/routing
Dear all,
as I found there are some inconsistencies in public literature regarding
to Firewall-1 installations. Perhaps somebody can explain what's right
:-)
In "CCSA Next Generation Check Point Certified Security Administrator
Study Guide" (ISBN 0-07-219420-0 from McGraw-Hillx) he says "In Solaris,
IP forwarding is enabled by default and should be disabled." As well the
processing of source routed packets should be disabled.
But in Sybex "CCSE NG Check Point Certified Security Expert Study Guide"
the authors writes "....be sure the machines properly route packets
between each network interface. Be sure that IP routing/forwarding is
anabled in your OS and the routing tables are correct."
What's the truth ? I am a little bit irretated :-(
Thx
Olaf
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
