So let me conclude with that if two gnatbox VPNs was up to work ,either side of gnatbox web interface administration ping utility should reach to other's protect network(PRO interface),but actually it failed and we really expect it should do,it seems that the gnatbox external network does not know a valid VPN was in place on the peer network(s), so if there was problem to send firewall syslog messages to the pc on the peer VPN, I think this is a same issue.
----- Original Message ----- From: <[EMAIL PROTECTED]> To: "Pierre Stone" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Sunday, January 27, 2002 1:48 PM Subject: Re: [gb-users] A VPN Question not a stupid question....just getting lost in your english....that is not a jab at you either....I would be happy to help if I understood the question Sounds like a nice tool your making. You should be able to ping the External Interface and the Protected network of boxes you are VPNd to. So you shouldn't have a problem hitting the public or private IPs. If I'm following you on this...something you CANNOT do is hit the config part of gnatbox via the VPN. I have brought this up to GTA several times and so have many people I know that use gnatbox. My purpose is because if I have a VPN I want to use it...I want all my syslog packets from all my firewalls to be using the private addresses and the VPN and not the external network without VPN. I am guessing that is where you are coming from. Stand in line for that feature...GTA doesn't seem to think it is that important or we would have it already. On Sun, 27 Jan 2002 11:06:17 +0800, you wrote: > >> I didn't understand the question at all. >> >> Why don't you use the actual IPs that are not working since >> you already pasted them anyway. > > >The reason is: > >1. We have several sites that use GB Flash as our firewall and VPN >device. >2. We wrote a program that can directly control GB Flash without using >GBAdmin or GB WEB Base Admin, the purpose of our program is to control >all of our GB Firewall at the same time. This means we can control our >at least 6 GB Firewall in one program, and the point is this program can >receive GB or SNORT's syslog, and our program will automatically >analysis these logs, ....this program will make some rules, and then >temporary modify all of our GB firewall's rules. >3. Why we want do this? To save time, save IT man power....since we >have many sites did not have any IT people. So we need an automatically >function to control our remote site's GB Firewall. We can use GBAdmin, >but if we need to modify our 6 GB Firewall, then we need to have an IT >people connect to our 6 GB firewall 6 times, right? But use our own >program, we can connect to our 6 GB firewall at one time. It's simple >for our IT people. >4. To us PING command on the GB Firewall to test the two sites VPN >connection is to make sure the remote site firewall is online, ....we >can use another way to make sure the remote site GB firewall is >online....so, my question is a stupid question, please forget it. > >Stone > > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >To subscribe to the digest version first unsubscribe, then > e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] �D??H?w�DN!mMailWALL - E-Mail �L??oAe!nAEAc?o?a?I��??r!C Mailwall A`�DN2z!G��I��-�Me�XTaN�D��|3--??�Dq http://www.adcom.com.tw --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
