
RE: [FW1] SecureRemote



If I understand Robert's question, your concern is more packet source than
security, i.e. you want to make SR requests to internet sites look like they're
originating from your internal network.  This is useful if, for example, you
connect to sites that validate you based on source IP address.

Unfortunately, I don't think it will work.  The only way I can think of to
do it is to make your encryption domain 0.0.0.0 mask 0.0.0.0, use IP Pool
NAT, and use source routing to bounce the SR requests off an internal router
and back out to the internet.  Would be messy, but might just work, as the
FW will NAT before passing it to the OS to route.  I don't think the 0.0.0.0
encryption domain will do it by itself, but you can give it a try.

Let me know how it goes - I'm intrigued...

Dan Hitchcock
CCNA, MCSE
Network Engineer
Xylo, Inc. (formerly employeesavings.com)
The work/life solution for corporate thought leaders


-----Original Message-----
From: CryptoTech [mailto:[email protected]]
Sent: Tuesday, November 07, 2000 9:13 PM
To: WEIZENECKER, Robert, GCM
Cc: [email protected]
Subject: Re: [FW1] SecureRemote



Since the configuration you refer to is extremely inefficient (I did not say
it was not secure), I can think of only one way, and that is to use SecureClient,
set a policy of "allow encrypted only" and require that your remote users specify
an internal proxy (not the firewall) to get outside requests.

That is, to the best of my experience, the cleanest way to do it.

HTH,
CryptoTech

"WEIZENECKER, Robert, GCM" wrote:

> Is it possible to set up SecureRemote so clients can only connect to the
> Firewall \ VPN and browse the internet through the firewall (effectively
> disabling split-tunnel as referred to on other VPN devices)?  I would like
> to force all traffic from the client to the VPN then back out to the
> internet.
>
> Thanks in advance for your help.
>
> Rob Weizenecker
>
> **********************************************************************
> This e-mail is intended only for the addressee named above.
> As this e-mail may contain confidential or privileged information,
> if you are not the named addressee, you are not authorised to
> retain, read, copy or disseminate this message or any part of it.
> ************************************************************************
>
>
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================






 