|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Mixing DES levels?
Not true Jeff. As a matter of fact, and I think Frank will concur, you should never change the control.map file unless you are quite certain of the repercussions. The control.map file determines if FWA1, FWN1, or SSL, or (god forbid, NONE is the chosen secure transmission method between modules. What you will need to do is to edit that vpn rules encryption method by right clicking on the 'Encrypt' action and selecting edit under the IKE tab. Then select DES as the Encrypt Transform. It is a very common thing to do what you are asking. HTH, CryptoTech PS. Please do not take offense Jeff. I am not questioning your expertise, just indicating my companies policy with regard to firewalls. Jeff Hochberg wrote: > I think Frank already answered this question.... > > No that's not a problem. Depending on what encryption level you are running > on the Nokia, you may have to modify the control.map file to change which > encryption scheme is used between the management and that module when > pushing a policy or logging back to the management. > > Jeffrey Hochberg > Digital Stronghold > [email protected] > > -----Original Message----- > From: [email protected] > [mailto:[email protected]]On Behalf Of Tom > Sevy > Sent: Friday, November 10, 2000 4:24 PM > To: 'Frank Darden'; Check Point FW List (E-mail) > Subject: RE: [FW1] Mixing DES levels? > > Since this is an internal FW to protect us from our Vendors, we don't care > much about encryption. We won't be using it for any vpn. > > I just want to be sure that the 3Des Management Console won't complain that > it is talking to a lesser [encryption strength] Nokia IP box. > > -----Original Message----- > From: Frank Darden [mailto:[email protected]] > Sent: Friday, November 10, 2000 3:27 PM > To: 'Tom Sevy'; Check Point FW List (E-mail) > Subject: RE: [FW1] Mixing DES levels? > > Yes, you can mix DES as well as 3DES, and FWZ1. Youll set the encryption > level on you action encrypt item in the rulebase. > > -----Original Message----- > From: Tom Sevy [mailto:[email protected]] > Sent: Friday, November 10, 2000 2:37 PM > To: Check Point FW List (E-mail) > Subject: [FW1] Mixing DES levels? > > We currently have two IP440's running 4.1 SP2 3Des. > > I need to add two new Firewalls (possible IP330, possible IP440) to > segregate our network from a Vendor router segment (already throught about > just making this another zone off of existing FW's, but decided to put in > totally different new units for this task). > > Can the new one be less than 3Des? Or does everything have to stay the > same? > > ============================================================================ > ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ > ==== > > ============================================================================ > ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ > ==== > > ================================================================================ > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================================================ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
