[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Linux solution
Solutions: [1]Use SWAN, that will allow IPSec connection between Linux and FW-1. Cons: If you home users are getting Dynamic IP address, this is not a feasible solution. Also authentication methods may be an issue. ------------------------------------------------------------------------------- [2] (Clumsy but works): (VMWARE and Linux Masquerading) Use VMWARE (http://www.vmware.com) on Linux machine, install WinNT on VMWARE. Give NT a private IP address (like 192.168.0.2). Setup Linux masquerading and setup proper routes so that NT on vmware will pass packets through your host Linux masquerading box. This setup will behave NT machine behind Linux (NAT) gateway. Linux and NT (on VMWARE) can talk to each other using samba(if it is already running on your Linux box, vmware setup samba auto magically for you). FW-1 (4.1SP2) and Securemote build 4195 and above will allow SR behind NAT gateway using IKE (No FWZ). So in above setup install Securemote on NT (VMWARE). If this works , you may want to use Hybrid IKE mode to get advantage of FW-1 auth. schemes not just (just shared secrets or certificates). Yes, this is a big setup issue but doable. Note: There are few bugs in above setup like : you have to be careful selecting private IP address on NT(VMWARE) etc. I can pull out more details if you would like. Checkpoint may fix that in future release. Rajeev > "Hankins, Bill" wrote: > > > Does anyone know of a Linux solution for connecting to a Checkpoint 4.1 > firewall from home other than the Swan software. I have quite a few engineers > that run Linux at home and we need a secure solution of allowing them access > to our network...TIA > > Bill Hankins > Network Engineer > iPhrase Technologies > -- ################################################################## Rajeev Kumar ([email protected]) ==> Web:: http://www.rajeevnet.com <== ################################################################## ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|