Firewall-1

[FW-1] W2k and NT routing config

Subject: [FW-1] W2k and NT routing config
From: Edwin Davidson <EDavidson AT PRIMEINC DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Fri, 13 Jun 2003 08:37:50 -0500

My Checkpoint NG install book states
on page 72 to enable IP forwarding
on NT.  They make no mention of what
to do on W2k.

On W2k one can configure routing with a
registry hack:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
IPEnableRouter=1
or by configuring the "Routing and Remote
Access" service. (has problems?)
http://www.phoneboy.com/wizards/200211/msg00126.html


On newsgroup cp.products.firewall-1
I found: (might have to cut and paste parts of this)
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=PQugskE%24BHA.226%40dogwood.us.checkpoint.com&rnum=7&prev=/groups%3Fhl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dw2k%2Brouting%2Bregistry%2Bhack%26sa%3DN%26tab%3Dwg

"You don't have to enable IP forwarding. Checkpoint will do it for you. The
logic behind not enabling IP forwarding is if the Checkpoint software
crashes and IP forwarding is enabled, then the OS will forward packets to
your network making it vulnerable. That's why it's safer not to enable IP
forwarding and allow Checkpoint to do it for you."

So I am asking the forum, what do you do?

On W2k, do you configure Routing and Remote Access, or
do the IPEnableRouter registry hack, or do you leave
routing turned off?

Thanks.




http://www.primeinc.com
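The settings the post asks about (the IPEnableRouter registry value, the Routing and Remote Access service, or routing left off) can be read back from a host to see whether the OS itself is set to forward packets. This is an added example, not part of the original post; it assumes a Windows host with PowerShell 5 or later and the NetTCPIP module, neither of which exists on W2k or NT, and the function name `Get-OsForwardingState` is hypothetical.

```powershell
# Added example: report whether the OS itself is configured to forward IP packets,
# independently of any firewall software. Function name is hypothetical.
# Assumes PowerShell 5+ (Get-Service StartType) and the NetTCPIP module.

function Get-OsForwardingState {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

    # Registry value named in the post; a missing value is treated as 0 (routing off).
    $prop = Get-ItemProperty -Path $key -Name 'IPEnableRouter' -ErrorAction SilentlyContinue
    $regValue = if ($null -ne $prop) { [int]$prop.IPEnableRouter } else { 0 }

    # "Routing and Remote Access" service (service name: RemoteAccess).
    $svc = Get-Service -Name 'RemoteAccess' -ErrorAction SilentlyContinue

    # Live per-interface forwarding state, when the cmdlet is available.
    $fwdIfaces = @()
    if (Get-Command Get-NetIPInterface -ErrorAction SilentlyContinue) {
        $fwdIfaces = @(Get-NetIPInterface |
            Where-Object { $_.Forwarding -eq 'Enabled' } |
            ForEach-Object { '{0}/{1}' -f $_.InterfaceAlias, $_.AddressFamily })
    }

    [pscustomobject]@{
        IPEnableRouter       = $regValue
        RrasStartType        = if ($svc) { "$($svc.StartType)" } else { 'NotInstalled' }
        RrasStatus           = if ($svc) { "$($svc.Status)" } else { 'NotInstalled' }
        ForwardingInterfaces = $fwdIfaces
        # True if any of the three indicators says the OS may route on its own.
        OsMayForward         = ($regValue -ne 0) -or
                               ($svc -and $svc.Status -eq 'Running') -or
                               ($fwdIfaces.Count -gt 0)
    }
}

$state = Get-OsForwardingState
$state | Format-List
if ($state.OsMayForward) {
    Write-Warning 'OS-level forwarding appears enabled: packets may be routed even if the firewall software is not running.'
}
```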