Re: [FW-1] W2k and NT routing config

Subject:	Re: [FW-1] W2k and NT routing config
From:	Wayne Ho <wenghon828 AT YAHOO DOT COM>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Fri, 13 Jun 2003 07:56:27 -0700

During Checkpoint installation, IPforwarding will be
disabled. Firewall by default will control the routing
.

Wayne
--- Brian Granier <briang AT ZEBEC DOT NET> wrote:
> I don't think it's necesarry to turn it on
> pre-install. The only reason
> to do so prior to installation of Checkpoint would
> be to test the
> ability to route through the box which essentially
> would test to ensure
> all the interfaces are configured correctly and your
> static routes are
> added properly and return route paths make it back
> to your Win2k system.
>
> T. Brian Granier
> GCIA, CCNA, CCSE, CHP, MCSE (NT4&W2K), MCP+I, N+, A+
> Information Security Architect
> Zebec Data Systems, Inc.
>
>
>
> -----Original Message-----
> From: Edwin Davidson [mailto:EDavidson AT PRIMEINC DOT COM]
> Sent: Friday, June 13, 2003 8:38 AM
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: [FW-1] W2k and NT routing config
>
>
> My Checkpoint NG install book states
> on page 72 to enable IP forwarding
> on NT.  They make no mention of what
> to do on W2k.
>
> On W2k one can configure routing with a
> registry hack:
>
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
> IPEnableRouter=1
> or by configuring  "routing and remote
> access" service. (has problems?)
> http://www.phoneboy.com/wizards/200211/msg00126.html
>
>
> On newsgroup  cp.products.firewall-1
> I found: (might have to cut and paste parts of this)
>
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=PQug
>
skE%24BHA.226%40dogwood.us.checkpoint.com&rnum=7&prev=/group
>
s%3Fhl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dw2k%2Brouting%2Bregi
> stry%2Bhack%26sa%3DN%26tab%3Dwg
>
> "You don't have to enable IP forwardnig. Checkpoint
> will do it for you.
> The logic behind not enabling IP forwarding is if
> the Checkpoint
> software crashes and IP forwarding is enabled, then
> the OS will forward
> packets to your network making it vulnerable. Thats
> why its safer not to
> enable ip forwarding and allow checkpoint to do it
> for you."
>
> So I am ask the forumn, what do you do?
>
> On W2k, do you configure Routing and Remote Access,
> or
> do the IPEnableRouter registry hack, or do you leave
> routing turned off?
>
> Thanks.
>
>
>
>
> http://www.primeinc.com
>
**********************************************************************
> This email and any files transmitted with it are
> confidential and
> intended solely for the use of the individual or
> entity to whom they are
> addressed.  If you have received this email in error
> please reply to the
> sender of the message.
>
> The views expressed in this correspondence may not
> reflect the views of Prime, Inc.
>
> This footnote also confirms that this email message
> has
> been scanned for the presence of computer viruses.
>
**********************************************************************
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================


__________________________________
Do you Yahoo!?
Yahoo! Calendar - Free online calendar with sync to Outlook(TM).
http://calendar.yahoo.com

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [FW-1] W2k and NT routing config, Brian Granier Re: [FW-1] W2k and NT routing config, Wayne Ho <= Re: [FW-1] W2k and NT routing config, Lars Troen Re: [FW-1] W2k and NT routing config, Thomas Weeden Re: [FW-1] W2k and NT routing config, Edwin Davidson Re: [FW-1] W2k and NT routing config, Schill, Mark Re: [FW-1] W2k and NT routing config, Reinhard Stich Re: [FW-1] W2k and NT routing config, Bill Re: [FW-1] W2k and NT routing config, Eric i Re: [FW-1] W2k and NT routing config, Lars Troen

Previous by Date:	Re: [FW-1] W2k and NT routing config, Lars Troen
Next by Date:	Re: [FW-1] Unexpected post syn packet, Aaron . Reynolds
Previous by Thread:	Re: [FW-1] W2k and NT routing config, Brian Granier
Next by Thread:	Re: [FW-1] W2k and NT routing config, Lars Troen
Indexes:	[Date] [Thread] [Top] [All Lists]