Christian,
A better route would be to have the policy be obtained from the enforcement point, by disallowing "Unauthenticated Cleartext Topology requests." There is no reason to give external people access to the management station at all.

CryptoTech

Christian ALT wrote:

Up to now we had the firewall module and the management module on the same system. We have users accessing with SecuRemote. We are going to split the management module from the firewall. The firewall is performing NAT to the internal LAN. The management station will be located on the LAN.

Do we have to use an official IP address for the management station in order to be accessed by SecuRemote, or can we use static NAT? In this situation, what is the site name or IP address? Does it become the one of the management station?

My answer is that the management station has to be NATed and accessible from outside. The site definition in SecuRemote is the management station's IP address. Please correct me if I'm wrong.

Christian ALT
Telecom and Logistics Associates
- [FW1] Management module separation and SecuRemote access thr... Christian ALT
- CryptoTech
