I think you want to use the edge/Sofaware device to create a client to site VPN from the end-users home - is this correct? If so, I am not sure how either the VPN-1 Edge or the Safe@ boxes work with Office Mode. I believe the Office Mode network Gary is referring to would be if you were creating a client connection to the Edge or Safe@ device.
Both devices support Client-to-Site VPN connections, and the Safe@ device is cheaper. I would talk with your Check Point SE to determine if either one interfaces with Office Mode pools as a client. Christopher Hoff -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Gary Scott Sent: Thursday, November 30, 2006 3:36 PM To: [email protected] Subject: Re: [FW-1] Office Mode and Vmware machines with local IP addresses Yes. You can do OM on a self managed edge device. You can set this under /network/my network -GS -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Jaja Banks Sent: Thursday, November 30, 2006 3:16 PM To: [email protected] Subject: Re: [FW-1] Office Mode and Vmware machines with local IP addresses Thanks for all the replies, I've managed to get NAT working on the VMware's, this definitely simplifies things (I hope it won't be too difficult to implement). My one remaining question is on product selection / pricing: -Can I buy a self-managed VPN-1 edge with Office Mode, without a SmartCenter? -If not, what's my "cheapest" alternative? Thanks, Yossi On 11/29/06, Jaja Banks <[EMAIL PROTECTED]> wrote: > > Hi everyone, > I have an unusual setup in one of our branch offices, and I can't figure > out whether Check Point's VPN gateway will work for me. > > The entire office is NAT'ed behind a local Linux Firewall right now ( > 192.168.x.x). > There are multiple servers internally that all have local IP address ( > 192.168.x.x). > > Engineers that work in this office have laptops with local addresses, at > home they either use the same addresses, or wireless (non-conflicting > addresses). > > Each engineer has Vmware machines on their laptops, all of which also have > addresses in the local range (192.168.x.x) so that when they're in the > office, everything works well. > > What I want to happen - I'd like to use SecureClient on the laptops, and > have the engineers connect from home (VPN) to the Firewall, and then use > their VMware machines to access internal resources (like CVS servers, FTP > servers, etc). I want to avoid forcing the engineers to change networks in > their VMware machines every time they come home... > > My questions: > 1. Does Office Mode support this configuration? Will I need some more > tweaking with the local IP ranges? > 2. If the answer to (1) is yes - what is the "smallest" Check Point VPN > device that will support this? (Sofaware, VPN-1 edge, or full blown VPN-1?) > 3. If the answer to (1) is no - what should I change on this LAN in order > to make it work both in and out of the office with the VMware machines, with > Office Mode? > Thanks in advance... > Yossi > <[email protected]> ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
