On Tue, Jun 20, 2000 at 12:07:44AM -0700, Jerald Josephs wrote:
 
> Unfortunately, FireWall-1 is not going to encrypt and encapsulate any
> network connections that originate from the Intranet and are addressed
> to the SecuRemote Client.

Actually, you can. See below.
 
> For one, FireWall-1 does not have a method where it can enumerate all of
> the authenticated users which have a current connection and then
> dynamically associate an action that would enable it to encrypt outbound
> packets to the IP address of the SecuRemote client. It can only encrypt
> and encapsulate packets that match an existing entry in the state tables.

FireWall-1 maintains a list of authenticated IPs in userc_rules. As long
as the user has initiated a communication to the encryption domain in
the past 15 minutes, FireWall-1 will encrypt traffic sent to any IP in
this table. (This is covered on phoneboy.com)
 
> Secondly, SecuRemote or SecureClient would not accept any encrypted
> encapsulated packets originating from the encryption domain with the SYN
> bit set.

It actually does.

-- Dameon

