
Re: [FW1] VPN and "Security Policy Tab"



Takashi,

To see what the firewall is doing when the options
in the policy properties are checked, click on
View->Implied Rules. This will show you what each of
the implied rules looks like in your rule base. They will be
in yellow (green if highlighted) under the Windows GUI.
With that one property, you see many implied rules
generated!

You will not be able to directly edit these, since they are 
controlled by the software. Just create the ones you need
and then uncheck the property.

To see the changes to the rulebase, you may have to
turn off, then back on the view implied rules.

There have been suggestions in the past that you should
only enable that which you need and disable all else.
Here is where you can learn from them and improve where
needed, since CP opens more than you normally want
with implied rules and you have less control with them.

OK. When you disable that property, you'll need to add
a few rules of your own. You'll need rules to allow the site
topology (encryption domain) to be downloaded to the
SR client, key exchange and encryption to be negotiated.
You also need to add your RADIUS/TACACS systems.

I would suggest looking at www.phoneboy.vom/fw1 and
following the Secure Remote and VPN/Encryption links.

Robert

- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n   F o o d    S e r v i c e
Voice:email: [email protected]

>>> takashi kouda <[email protected]> 9/29/00 4:17:00 AM >>>
>
>Hi!
>
>We configured FireWall-1/VPN-1 (ver4.1) and SecuRemote, and it succeeds
>in connecting!
>
>But with the configuration below, it fails:
>
>1. Remove the check from "Accept VPN-1 & FireWall-1 Control Connections" at
>"Security Policy Tab" of "Properties".
>
>2. The RuleTable is below
>
>   source |  destination | service | action
>  ------------------------------------------
>   test  |  CPFW-1      |FireWall | Accept
>
>   Test is NetworkObjects to include SecuRemote
>   CPFW-1 is NetworkObjects to include "FW Module" and "FW Management"
>   FireWall is default ServiceObjects
>
>
>I examined the manual, and the "Accept VPN-1 & FireWall-1 Control Connections"
>check is used when the "FW daemon" connects to an external server such as RADIUS or
>TACACS etc.
>
>When the check is removed, what should we add to the RuleTable or server?
>
>Please tell me how to do that.




All contents © 2003 Network Presence, LLC. All rights reserved.