Yes, you'll need to 'upgrade' your FW-1 software to include the 3DES algorithm, for that you'll need to install the 'Strong' edition. You can install over the top, but you'll need to be careful with build numbers, you might need to revert to a previous SP level. You can download from Checkpoint's site if you have a suitable login. At 09:54 14/11/2000 +0000, you wrote: >Hi, > >Any information or advice on the following would be of great help:- > >At present, we have a VPN setup bewteen us and a third party company. Both >Firewalls are Firewall-1. The difference is, we are Version 4.0 (Build 4031 >VPN + DES) and their's is Version 4.1 VPN + DES (I'm not too sure what >build its got.). > >What I want to do is change how the ISAKMP/OAKELY Phase one key exchange is >encrypted, I want to amend this from DES to 3DES. The data that the rule >encrypts I don't want to change - this is set to DES at the moment. > >I believe for this to happen I will need a License that supports VPNSTRONG >on both Firewalls. This is what I was told my my Firewall support area. > >I'm still not so sure because the version is VPN +DES only. I was a bit >concerned that you need to also install 3Des algorithms. > >Has anyone performed a simlalar operation. > >Thanks. > > > > >Nick Mandis >Security Services > >Level O/1, Goodmans Fields, 74 Alie Street, London E1 8HL > >Phone: 78003: 3653 (0171 480 3653) >work email: [EMAIL PROTECTED]: > >-------------------------------------------------------------------------------------------- >"National Westminster Bank plc is registered in England No 929027. >Registered Office: 135 Bishopsgate, London EC2M 3UR. >National Westminster Bank plc is regulated by IMRO, SFA and Personal >Investment Authority. A member of the NatWest and Gartmore Marketing >Group advising on the life assurance, pensions and unit trust products >only of that Marketing Group. > >This e-mail message is confidential and for use by the addressee only. If >the message is received by anyone other than the addressee, please return >the message to the sender by replying to it and then delete the message >from your computer. >Internet e-mails are not necessarily secure. National Westminster Bank >plc does not accept responsibility for changes made to this message after >it was sent." >-------------------------------------------------------------------------------------------- > > >================================================================================ > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html >================================================================================ > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
