Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Linux solution

To: "Hankins, Bill" <[email protected]>
Subject: Re: [FW1] Linux solution
From: Rajeev Kumar <[email protected]>
Date: Fri, 10 Nov 2000 14:07:21 +0000
Cc: "'[email protected]'" <[email protected]>
References: <[email protected]>
Reply-to: [email protected]
Sender: [email protected]

Solutions:
[1]Use SWAN, that will allow IPSec connection between Linux and FW-1.
    Cons: If you home users are getting Dynamic IP address, this is not a
feasible solution. 
	Also authentication methods may be an issue.
-------------------------------------------------------------------------------
[2] (Clumsy but works): (VMWARE and Linux Masquerading)
	Use VMWARE (http://www.vmware.com)  on Linux machine, install WinNT on VMWARE.
Give NT a private IP address (like 192.168.0.2). Setup Linux masquerading and
setup proper routes so that NT on vmware will pass packets through your host
Linux masquerading box. This setup will behave NT machine behind Linux (NAT)
gateway. Linux and NT (on VMWARE) can talk  to each other using samba(if it is
already running on your Linux box, vmware setup samba auto magically for you).

	FW-1 (4.1SP2) and Securemote build 4195 and above will allow SR behind NAT
gateway using IKE (No FWZ). So in above setup install Securemote on NT (VMWARE).
	If this works , you may want to use Hybrid IKE mode to get advantage of FW-1
auth. schemes not just (just shared secrets or certificates).
	Yes, this is a big setup issue but doable.

Note: There are few bugs in above setup like : you have to be careful selecting
private IP address on NT(VMWARE) etc. I can pull out more details if you  would
like. Checkpoint may fix that in future release.

Rajeev



> "Hankins, Bill" wrote:
> 
> 
> Does anyone know of a Linux solution for connecting to a Checkpoint 4.1
> firewall from home other than the Swan software.  I have quite a few engineers
> that run Linux at home and we need a secure solution of allowing them access
> to our network...TIA
> 
> Bill Hankins
> Network Engineer
> iPhrase Technologies
> 

-- 
################################################################## 
     Rajeev  Kumar ([email protected])
        ==> Web:: http://www.rajeevnet.com  <== 
##################################################################


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- [FW1] Linux solution
  - From: "Hankins, Bill" <[email protected]>

Prev by Date: [FW1] ALLOW_NON_SYN_RULEBASE_MATCH question
Next by Date: [FW1] Status of VPN-1 for Linux
Previous by thread: [FW1] Linux solution
Next by thread: RE: [FW1] Linux solution
Index(es):
- Date
- Thread