Title: | SEAL |
Moderator: | GALVIA::SMITH |
Created: | Mon Mar 21 1994 |
Last Modified: | Fri Jun 06 1997 |
Last Successful Update: | Fri Jun 06 1997 |
Number of topics: | 1989 |
Total number of notes: | 8209 |
A few questions on FW97 on Unix:

1. Does it have the ability to support at least 3 networks through the GUI? The SPD says but we couldn't do it during the installation. If the GUI doesn't support all 3 networks, how exactly can it be done outside the GUI? Are they by scripts or by OS commands? Are there any side effects or known problems? Please give a pointer to the instructions.
2. Are all features such as application proxy, authentication etc. supported on all the networks, not just on two of the networks? Are all networks functions identical?
3. I assume transparent telnet, ftp etc. are all supported in all 3 networks in the firewall, right?

Regards,
Steve C.
T.R | Title | User | Personal Name | Date | Lines |
---|---|---|---|---|---|
1971.1 | | BIGUN::nessus.cao.dec.com::Mayne | Meanwhile, back on Earth... | Wed May 28 1997 03:39 | 3 |

I do believe there might be an application note describing a third network.

PJDM

T.R | Title | User | Personal Name | Date | Lines |
---|---|---|---|---|---|
1971.2 | Nope | NNTPD::"[email protected]" | Torsten kerschat | Wed May 28 1997 10:19 | 21 |

You can find a description in the new application note #15 or #16. Actually, this functionality is just the same as in firewall version 2.1, except that an application note is added.

It describes a little bit how to configure a third interface (to give an interface a color, like green, yellow or so). Afterwards you can specify with the packet filter (screend and its /etc/screend.conf file) the packets which are allowed through the firewall.

Example:

```
between interface blue and interface green tcp port telnet accept;
```

This allows a telnet from the internal network to the third network card.

Unfortunately, you can't do this via the GUI (unlike Checkpoint's or IBM's new firewall). You have to edit the /etc/screend.conf file and restart the screend:

```
/sbin/rc3.d/S*screend stop ; /sbin/rc3.d/S*screend start
```

You can't implement any authentication via the third interface.

Sorry for this answer, but that's it. It's like selling an old feature with just another name.

Torsten

[Posted by WWW Notes gateway]

T.R | Title | User | Personal Name | Date | Lines |
---|---|---|---|---|---|
1971.3 | | NCMAIL::SMITHB | | Wed May 28 1997 10:54 | 4 |

When I tried this with 2.1, the proxies would not work with a third "color". My understanding is that this will only work with screend.

Brad.