Default Route to Logical Name??

[henke]

Hope you can help. I'm trying to setup the default route on via Nokia Voyager to point out of an interface rather than to an IP address. I have deleted the default route and added it back in, rather than selecting IP Address, I selected Logical name so I could point it to on interface. When I apply this, it does work, the apply is accepted.

The problem is when I go to set the logical name, gateway is set to 'none' from the drop down menu. There is no list of interfaces, nor can I manually enter in the logical name. It is set to 'none' and cannot be changed.

Can the above be done? Or am I doing something completely stupid?

Any help/feedback would be greatly appreciated.

[Joncon]

henke,

Why do you want to point the default route to an interface name rather than an IP address? I can't understand why you would want to do this, but there's obviously a reason.

[henke]

Hi Joncon,

Yip, it is a bit of a bizarre setup. It is only a temporary measure as my customer wants to use their new Internet link. They are desperate for more bandwidth and the only place to connect their new circuit is directly into the Checkpoint FW. I know it goes against good practice, but it is only a temp measure until early Jan 07. The circuit is just an internet pipe from an ISP, so there is no remote IP address for next hop provided, hence the reason I want to just use a logical interface as the next upstream hop.

Any ideas?

Cheers,

Henke.

[Joncon]

henke,

Has the ISP that has provided the new connection not installed a managed / border router for the connection? What kind of service has the customer bought? Have never setup a 'corporate' internet link without having an ISP supplied router. Has the ISP not assigned you a range of Public IPs to use with the new connection?

[henke]

Hi Joncon,
Thanks for getting back to me. They haven't supplied a router. They have supplied a range of IP addresses. The customer has a router it will migrate from an existing internet link in Jan 07, this is just a temporary 'bodge' to get them through until that period and give them more bandwidth as they're existing bandwidth is maxed out. For a relatively small network, it is a very complex setup and whatever way I turn another hurdle appears.

I would have thought just pointing a default route out an interface would have been a relatively straightforward thing to do.

Cheers,

Kenny.

[Joncon]

Ok. If the ISP has supplied a range of public IPs that are availible for you to use can you not assign one to the 'external' NIC on the FW that you want the new internet pipe connected to? You can then assign a default route through Voyager to route internet traffic to this IP.

You will need to think how the below will affect the organisation. Things to conside:-
1. DNS records.
2. MX records.

Personally, I would prefer to sit a router in front of the firewall that you can screen incomming traffic with and filter unwanted traffic out with an ACL. This would be your first line of defence and help to take the load off the FW. However, it appears the customer is desparate so it's your call. Either way I would explain the risks of not having a screening router.

Hope this helps,

Joncon

[henke]

Thanks Joncon, I'll give it a try. They are going to arrange for their MX records etc to be updated. I explained to them that this is far from ideal and there is a certain degree of risk, even in a temporary setup.

Thanks for your help.

Henke.