Thanks to everyone for the responses.
As it turns out, the "Policy would block" error message in Firewall-1
was the result of an over-taxed hub in our lab. The policy would install
unless I had encryption enabled (which would logically make the policy
installation take longer). The default timeout setting is 25 seconds, but
rather than changing this default, I tossed our 10baseT hub aside and VLAN'd
the subnet on one of our corporate switches. This solved the FW-1 problem,
and I was easily able to solve any ACE/Server questions by referring to
their provided documentation and implementation guides.
The Phoneboy web site is excellent and thanks to those of you who
mentioned it. I will continue to scour the site for more information on
FW-1 performance enhancement and tools.
The network topology I included was a lab setup, and we certainly
won't be running an FTP server on either the authentication server or the
firewall management console when we implement the system for real (thanks
for the concern though).
Thanks Again,
Mike