Firewall-1

Re: [FW-1] W2k and NT routing config

Subject: Re: [FW-1] W2k and NT routing config
From: Brian Granier <briang AT ZEBEC DOT NET>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Fri, 13 Jun 2003 09:13:05 -0500
I don't think it's necessary to turn it on pre-install. The only reason
to do so prior to installation of Checkpoint would be to test the
ability to route through the box which essentially would test to ensure
all the interfaces are configured correctly and your static routes are
added properly and return route paths make it back to your Win2k system.

T. Brian Granier
GCIA, CCNA, CCSE, CHP, MCSE (NT4&W2K), MCP+I, N+, A+
Information Security Architect
Zebec Data Systems, Inc.



-----Original Message-----
From: Edwin Davidson [mailto:EDavidson AT PRIMEINC DOT COM]
Sent: Friday, June 13, 2003 8:38 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] W2k and NT routing config


My Checkpoint NG install book states
on page 72 to enable IP forwarding
on NT.  They make no mention of what
to do on W2k.

On W2k one can configure routing with a
registry hack:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
IPEnableRouter=1
or by configuring  "routing and remote
access" service. (has problems?)
http://www.phoneboy.com/wizards/200211/msg00126.html


On newsgroup  cp.products.firewall-1
I found: (might have to cut and paste parts of this)
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=PQug
skE%24BHA.226%40dogwood.us.checkpoint.com&rnum=7&prev=/group
s%3Fhl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dw2k%2Brouting%2Bregi
stry%2Bhack%26sa%3DN%26tab%3Dwg

"You don't have to enable IP forwarding. Checkpoint will do it for you.
The logic behind not enabling IP forwarding is if the Checkpoint
software crashes and IP forwarding is enabled, then the OS will forward
packets to your network making it vulnerable. That's why it's safer not to
enable ip forwarding and allow checkpoint to do it for you."

So I am asking the forum, what do you do?

On W2k, do you configure Routing and Remote Access, or
do the IPEnableRouter registry hack, or do you leave
routing turned off?

Thanks.




http://www.primeinc.com

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
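
The thread turns on whether the OS itself is set to route packets independently of the firewall software. The following is an added example, not part of any message in this thread and not Check Point's code: a PowerShell audit of the `IPEnableRouter` value and the Routing and Remote Access service named above. It assumes a Windows host with PowerShell available, and the firewall service name `ExampleFirewallSvc` is a placeholder to replace with the real one.

```powershell
# Added example: audit OS-level IP forwarding on a Windows firewall host.
# Assumption: the firewall product does not itself write IPEnableRouter.
function Get-ForwardingPosture {
    param(
        # Hypothetical placeholder; pass the real firewall service name.
        [string]$FirewallService = 'ExampleFirewallSvc'
    )

    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

    # IPEnableRouter = 1 means the OS forwards packets between interfaces.
    # A missing value or 0 means OS forwarding is off. This is the persistent
    # setting; it is read at boot, so the running state can lag behind it.
    $prop = Get-ItemProperty -Path $key -Name 'IPEnableRouter' -ErrorAction SilentlyContinue
    $osForwarding = ($null -ne $prop) -and ($prop.IPEnableRouter -eq 1)

    # Routing and Remote Access (service name RemoteAccess) is the other
    # way of turning routing on that the thread mentions.
    $rras = Get-Service -Name 'RemoteAccess' -ErrorAction SilentlyContinue
    $rrasRunning = ($null -ne $rras) -and ($rras.Status -eq 'Running')

    $fw = Get-Service -Name $FirewallService -ErrorAction SilentlyContinue
    $fwRunning = ($null -ne $fw) -and ($fw.Status -eq 'Running')

    $osRouting = $osForwarding -or $rrasRunning
    $finding = if ($osRouting -and -not $fwRunning) {
        'EXPOSED: OS routing is on while the firewall service is not running'
    } elseif ($osRouting) {
        'RISK: OS routing is on by itself and would stay on if the firewall stopped'
    } else {
        'OK: OS-level routing is off; forwarding depends on the firewall software'
    }

    [pscustomobject]@{
        IPEnableRouter  = $osForwarding
        RrasRunning     = $rrasRunning
        FirewallRunning = $fwRunning
        Finding         = $finding
    }
}

Get-ForwardingPosture | Format-List
```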
