>I have a customer that I'm working with using Check Point Firewall-1.

Sorry, but I cut a *lot* of your original posting...

>255.255.255.240). The firewall, internal network, and DMZ are all in the
>same WindowsNT domain. The firewall is a standalone server. The customer

Are you referring to the classic DMZ description, or the Checkpoint one?

So your external victim hosts are trusted by your internal servers. If anything happens to them the entire network could be compromised. It's like a bypass around the firewall!

Create a separate domain, block all browsing, only patch a specific workstation to the DMZ to manage the web-/ftpserver(s).

>that they can see the shares that are available. By default, the user
>will not see these because the NetBEUI protocol is not routable, (the

Don't confuse NetBEUI with NetBIOS. NetBEUI is a network protocol like IP. NetBIOS is a session-layer protocol that can run on top of IP, IPX or NetBEUI.

>internal network. I define a peering between the two (2) WINS servers
>and force a replication. The DMZ WINS server pushes and the internal

You don't want to allow stuff like WINS to cross your firewall, really...

If you still do need to access a machine on the other side of the firewall, just create a '%SYSTEMROOT%\system32\drivers\etc\lmhosts'-file.

Either:

o Think about a good security policy and enforce it with the Firewall.
o Just disable the firewall, it only stands in the way with all this stuff your customer wants to do :-).

Good luck!

--
Rodney van den Oever / 06 55868577 / PGP Key ID 0x0A6CCE53

When asked by an anthropologist what the Indians called America before the white man came, an Indian said simply "ours".
- Vine Deloria, Jr.
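The static lmhosts mapping suggested in the reply above, as an added example that is not part of the original message: a small Python audit that lists the static entries in an lmhosts file and flags lines that cannot work or that would fetch name data from a remote server. The host names, addresses and domain in the sample are constructed, and quoted names with `\0xNN` escapes are reported as unparsed rather than handled.

```python
import ipaddress
import re

# Constructed sample: host names, addresses and the domain name are made up.
SAMPLE = r"""
# static NetBIOS name mappings for the DMZ hosts
192.168.10.5    WEBSRV01        #PRE
192.168.10.6    FTPSRV01        #PRE   # ftp server
192.168.10.7    DMZPDC          #PRE #DOM:DMZDOMAIN
192.168.10.300  BADADDR
192.168.10.8    AVERYLONGSERVERNAME
#INCLUDE \\INTERNALSRV\public\lmhosts
"""

# address, unquoted name, then optional keywords and a trailing comment
ENTRY = re.compile(r'^(\S+)\s+([^\s"#]+)(.*)$')

def audit_lmhosts(text):
    """Return (entries, findings); findings are (line_no, kind, detail)."""
    entries, findings = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.upper().startswith("#INCLUDE"):
            target = line[len("#INCLUDE"):].strip()
            # A UNC include is read over SMB from that server, which is the
            # kind of NetBIOS traffic the static file is meant to avoid.
            if target.startswith("\\\\"):
                findings.append((n, "remote-include", target))
            continue
        if not line or line.startswith("#"):
            continue  # blank line, comment, or #BEGIN_/#END_ALTERNATE marker
        m = ENTRY.match(line)
        if not m:
            findings.append((n, "unparsed", line))
            continue
        addr, name, rest = m.groups()
        try:
            ipaddress.IPv4Address(addr)
        except ValueError:
            findings.append((n, "bad-address", addr))
            continue
        if len(name) > 15:  # NetBIOS names hold 15 characters plus a type byte
            findings.append((n, "name-too-long", name))
            continue
        preload, domain = False, None
        for tok in rest.split():
            if tok.upper() == "#PRE":
                preload = True
            elif tok.upper().startswith("#DOM:"):
                domain = tok[5:]
            else:
                break  # anything else starts a trailing comment
        entries.append((addr, name, preload, domain))
    return entries, findings
```
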
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:00:12 PDT