The PhoneBoy Blog


Simplifying Telecom, Mobile Phones, Gadgets, Health, and More!

FireWall-1 FAQ: What to Put in $FWDIR/conf/external.if

Please note: This content was from when I was operating my FireWall-1 FAQ site, which I stopped operating in August 2005. For some reason people still have links to this stuff on the Internet that people are still clicking on.


I am making this information available again AS IS. Given how old this information is, it is likely wildly inaccurate. I have no plans to update this information.


If you're still running versions of Check Point VPN-1/FireWall-1 where this information is still relevant to you, do yourself a favor and upgrade to a more recent release. If you happen to be running a current release and the information is useful, it's by happenstance :)


This file should contain the physical device name. You can get this by doing an ifconfig (Unix/IPSO) or ipconfig (NT). Example interface names include: le1, El90x1 (as in the letter E, the letter l, the number 9, the number 0, the letter x, and the number 1). On a Nokia platform, this should contain the physical interface name plus c0 (e.g. eth-s1p1c0).

The external interface is often the interface facing your Internet router. If you have more than one “external” interface, you should be using an unlimited node license, or upgrade to NG, which supports multiple external interfaces.

#Cybersecurity Evangelist, Podcaster, #noagenda Producer, Frequenter of shiny metal tubes, Expressor of personal opinions, and of course, a coffee achiever.