So, we come back to the original question: what issue are you attempting to address with the VPN? Communications between the SCS and the gateway are already encrypted -- IPSec and SSL are merely secure transport mechanisms. By definition, one is not more secure or insecure than the other.
Are you concerned by some of the open ports? If so, tweak the implied rules. There are well-documented secureknowledge articles on locking down the footprint.

On Mon, May 9, 2011 at 5:53 AM, carlopmart <[email protected]> wrote:

> On 05/08/2011 01:05 AM, Independent IT Consultant wrote:
>
>> I don't understand the need for the 3rd firewall. All communications
>> between the gateway and management are already encrypted (that's the point
>> of SIC --"SECURE" Internal Communications).
>>
>
> I think I have not explained very well. This is my schema:
>
> SCS Server ---> Firewall (not CP) -----> Internet -----> Remote SecurePlatform FW R70.4
>
> I would like to encrypt all communications between SCS and the remote Splat
> gw with a strong algorithm that CP uses, like an ipsec tunnel. If I'm not
> wrong, CP uses ssl-based tunnels to communicate gws and SCS servers. Is that
> correct??
>
> Can I use an ipsec tunnel (or another strong communication algorithm than
> ssl) to encrypt these communications??
>
> Thanks.
>
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com
>
> Scanned by Check Point Total Security Gateway.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
