Hey Guys,

I'm looking to define a SecuRemote Client to Firewall-1 v4.1 VPN. I will be running with an IKE encryption tunnel with a scheme that will use a certificate approach, in particular Verisign certificates to validate the users. However, I have a no. of questions.

1) In terms of defining the CA Server object, I will be selecting the type "OPSEC PKI" and the LDAP option to perform LDAP lookups to check certs against a CRL. I will be using the Get Certificate option to import a root CA. But where does this get imported to? A directory on the FW, or to, say, objects.c? Note that all certs that I will be generating for our clients will fall under the umbrella of my root CA imported here. In addition, I don't see any correlation between the Get Cert option here and the Add Certificate on the FW object itself under the Certificates Add Property sheet. Is the latter the list of user Certs? Do I really need to define them? CheckPoint documentation is poor here.

2) In terms of defining your LDAP Account Unit object, I will be performing an LDAP lookup to a directory to perform CRL validation. Does the FW download this list to a directory location on the FW itself? Or does the CRL get downloaded to a local Certificate Manager here? Again, there is little documentation here.

I will be using Verisign On-Site to generate SecuRemote user Certs who will plug these into their roaming laptops. Perhaps someone can explain how this actually works, as I have little idea here.

Thanks,
Terry G.
Security Administrator
