All,
I have what I would consider a fairly common setup for a large
enterprise, with an internal FW-1 4.0 3DES-SP5 management console
managing several remote 4.0 firewall modules. I have now been asked to
VERY rapidly implement SecuRemote which should terminate connections on
one of the firewall modules. The scenario is as follows:
Management Console has a single 10.x.x.x interface, and is licensed for:
controlx pfmx oseu vpnstrong connect motif srunlimit
Remote Firewall Module has an internal 192.168.x.x, an external public
interface (that I originally thought would be the VPN termination
address), a DMZ interface, and is licensed for:
pfmx vpnstrong motif srunlimit
I need to get this up and working but have been running into ALL KINDS
of issues. Firstly, I'm hearing from everyone (including Phoneboy's FAQ
at http://www.phoneboy.com/fw1/faq/0202.html) that the SR sessions have
to negotiate with the management console, NOT the firewall module. But
if that's true, then how does the *firewall* module do the decryption?
And what do I do differently in the SecuRemote config? Do I put the
management console in as the "Site Identification Name:" when building a
new config (I understand that to do this I'd obviously have to add a
static NAT for the console's internal 10-dot to something routable)?
Also, I will need to be giving access to Internet users who have
routable, static IPs, but they will need access to 10-dot internal
hosts. With that in mind, which encapsulated encryption protocol is
best there?
Much confused and MANY thanks in advance,
Jason