Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Firebox SOHO

To: "Olmstead, Frank M." <[email protected]>, <[email protected]>
Subject: RE: [FW1] Firebox SOHO
From: "Gregor Munro" <[email protected]>
Date: Tue, 24 Oct 2000 07:59:11 +1300
Importance: Normal
In-reply-to: <[email protected]>
Sender: [email protected]

Hi Frank,

I've been involved with a similar implementation between Auckland
(FireWall-1 v4.1), New Zealand and Tokyo (Watchguard FireBox-II), Japan for
some time now.

If you look at the icsa web site
(http://www.icsa.net/html/communities/ipsec/certification/certified_products
/index.shtml), you'll see that the Firebox appliances are certified as a
firewall, but NOT an IPsec device!!! I dont know why, but I suspect that
this is a problem with the SA key size. The IPSec standard requires keys to
be > 512, however the FireBox-II appears to use a key length much shorter.

Watchguard do have a PDF document that describes how this is supposed to
hang together, however I tried it down to the last ip address and still
couldnt get it to work. By the way, their description of how to implement
FireWall-1 was the suckiest I've ever seen. They really just dont have a
clue!

When I queried Watchguard on their IKE/IPSec implementation, their response
was - "we dont need to get our box independently certified/verified, we do
our own testing in house. Besides which, it works with a Cisco router".
Cisco do not appear on the certified products list either!

Let me know if you get anywhere, I'd be very interested to see what you come
up with.

Cheers
Greg
__________________________________________________________

Please Note: This e-mail is only intended to be read by the named recipient.
It may contain information that is confidential, proprietary or the subject
of legal privilege. If you are not the intended recipient, you must delete
this e-mail and may not use any information contained in it. Legal privilege
is not waived because you have read this e-mail. All content is to be
treated as confidential unless otherwise specified, and is not to be
forwarded to third parties without prior permission by the author. To do so
is a clear breach of the New Zealand Privacy Act.

-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of
Olmstead, Frank M.
Sent: 24 October 2000 8:05 a.m.
To: [email protected]
Subject: [FW1] Firebox SOHO



Anybody have any luck configuring a Watchguard Firebox SOH to a Checkpoint
FW-1 v. 4.0 ?

 Regards,
  Frank
 ______________________
 Frank M. Olmstead
 IT Manager

 Coreco Imaging, Inc.
 55 Middle Turnpike
 Bedford, MA  01730-1421: phone: fax: cell
 www.imaging.com



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- [FW1] Firebox SOHO
  - From: "Olmstead, Frank M." <[email protected]>

Prev by Date: [FW1] IAS + w2k
Next by Date: [FW1] FIXED.Checkpoint Secure SMTP acting as SPAM Relay..
Previous by thread: [FW1] Firebox SOHO
Next by thread: [FW1] Is 4.0 rulebase/objects.C compatible with 4.1?
Index(es):
- Date
- Thread