Checkpoint FW1-4.1 on Win2K

[peterve]

2 small questions :

- Does FW1-4.1 run on Win2K ?
(maybe I need at least FW-1 SP4 or something...)
any things I'll have to keep in mind ?

- Can I install Checkpoint on a machine that has 1 static IP and 1 DHCP IP ?
Assuming that I'll change the interface properties every time I reboot the machine...

thanks

---------------------------------------------------------------------
I have not failed, I've just found 10,000 ways that don't work
---------------------------------------------------------------------
Peter Van Eeckhoutte
peter.ve@pandora.be
*:->* Did this post help? Click below to let me know !

 

[Guest_imported]

Peterve,

Yes CP-FW1 SP2 and higher runs on Win2K...

As for DHCP, it's impossible to set the external IP to DHCP in 4.1 because the license is bound to that IP address and CheckPoint will stop working if it changes. As for your internal address, as it need to be the default gateway of your internal devices, if it changes you will have to change your default gateways, if it's on one machine it's not so bad but on a full network it doesn't make sens.

NG will support DHCP because the license is now bound to the management console and not the enforcement point. I have fooled around with it tho.

 

[peterve]

What would happen if I add a third NIC to the machine, with another (private subnet) IP
e.g.
LAN : 10.0.0.1
2nd NIC : 192.168.0.1
External NIC : DHCP

-> What would happen when I register CP on the 2nd NIC ? ---------------------------------------------------------------------
I have not failed, I've just found 10,000 ways that don't work
---------------------------------------------------------------------
Peter Van Eeckhoutte
peter.ve@pandora.be
*:->* Did this post help? Click below to let me know !

 

[Guest_imported]

If you register FW1 on your internal Interface, it will considere that interface as external and will start counting IP addresses of the Internet as protected thus busting your license agreement.

FW1 support only one external Interface, it will consider all other interface as Internal. So however you try it, you will bust the license.

 

[peterve]

I have a FW setup with 5 NIC's, which uses a 192.168.0.x address as licensed address... and it works fine...

is it just a matter of license, of is there something I would have to look for (I will try it anyway so... something I have to know to get it to work ?)

thanks ---------------------------------------------------------------------
I have not failed, I've just found 10,000 ways that don't work
---------------------------------------------------------------------
Peter Van Eeckhoutte
peter.ve@pandora.be
*:->* Did this post help? Click below to let me know !

 

[Guest_imported]

If you are running an unlimited version, it doesn't matter as much as, let's say, a 50 users license. You could get into trouble when trying to set VPNs. I've never tried it but you would have to declare encryption domain that would look as external to your firewall and could get some odd behaviour from the firewall...

I'm not saying it won't work, but it's definitely not the recommended set up.

I heard of people who bound the license on the loopback (127.0.0.1) and got it to work. But when it comes to security, I believe that messing around with design concept could be a risky business.

Keep an eye on your event log, if there's a problem, that's were it will show up, like license violation etc...

 

[peterve]

thanks ! ---------------------------------------------------------------------
I have not failed, I've just found 10,000 ways that don't work
---------------------------------------------------------------------
Peter Van Eeckhoutte
peter.ve@pandora.be
*:->* Did this post help? Click below to let me know !