[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Firebox SOHO
Hi Frank, I've been involved with a similar implementation between Auckland (FireWall-1 v4.1), New Zealand and Tokyo (Watchguard FireBox-II), Japan for some time now. If you look at the icsa web site (http://www.icsa.net/html/communities/ipsec/certification/certified_products /index.shtml), you'll see that the Firebox appliances are certified as a firewall, but NOT an IPsec device!!! I dont know why, but I suspect that this is a problem with the SA key size. The IPSec standard requires keys to be > 512, however the FireBox-II appears to use a key length much shorter. Watchguard do have a PDF document that describes how this is supposed to hang together, however I tried it down to the last ip address and still couldnt get it to work. By the way, their description of how to implement FireWall-1 was the suckiest I've ever seen. They really just dont have a clue! When I queried Watchguard on their IKE/IPSec implementation, their response was - "we dont need to get our box independently certified/verified, we do our own testing in house. Besides which, it works with a Cisco router". Cisco do not appear on the certified products list either! Let me know if you get anywhere, I'd be very interested to see what you come up with. Cheers Greg __________________________________________________________ Please Note: This e-mail is only intended to be read by the named recipient. It may contain information that is confidential, proprietary or the subject of legal privilege. If you are not the intended recipient, you must delete this e-mail and may not use any information contained in it. Legal privilege is not waived because you have read this e-mail. All content is to be treated as confidential unless otherwise specified, and is not to be forwarded to third parties without prior permission by the author. To do so is a clear breach of the New Zealand Privacy Act. -----Original Message----- From: [email protected] [mailto:[email protected]]On Behalf Of Olmstead, Frank M. Sent: 24 October 2000 8:05 a.m. To: [email protected] Subject: [FW1] Firebox SOHO Anybody have any luck configuring a Watchguard Firebox SOH to a Checkpoint FW-1 v. 4.0 ? Regards, Frank ______________________ Frank M. Olmstead IT Manager Coreco Imaging, Inc. 55 Middle Turnpike Bedford, MA 01730-1421: phone: fax: cell www.imaging.com ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|