
RE: [FW1] Mixing DES levels?



The only reason why I pointed out the modifications to the control.map file
is because I've run into situations where a customer will have enterprise
encryption center and for some reason or another purchased a module with no
encryption.  In the past, if you were using a management station that had
encryption and trying to manage a module with no encryption at all, I needed
to modify the control.map (per Frank's recommendation; I used to work with
him) to reduce or eliminate the encrypted channel between the management and
module.

I didn't take offense; I appreciate the constructive criticism.  I guess I
just wasn't clear enough as to which encryption scenario I was talking
about.

-Jeff

-----Original Message-----
From: CryptoTech [mailto:[email protected]]
Sent: Saturday, November 11, 2000 8:54 AM
To: [email protected]
Cc: 'Tom Sevy'; 'Check Point FW List (E-mail)'
Subject: Re: [FW1] Mixing DES levels?


Not true Jeff.  As a matter of fact, and I think Frank will concur, you
should never change the control.map file unless you are quite certain of
the repercussions.  The control.map file determines if FWA1, FWN1, or SSL,
or (god forbid) NONE is the chosen secure transmission method between
modules.

What you will need to do is to edit that VPN rule's encryption method by
right-clicking on the 'Encrypt' action and selecting edit under the IKE
tab.  Then select DES as the Encrypt Transform.

It is a very common thing to do what you are asking.

HTH,
CryptoTech

PS.  Please do not take offense Jeff.  I am not questioning your expertise,
just indicating my company's policy with regard to firewalls.

Jeff Hochberg wrote:

> I think Frank already answered this question....
>
> No that's not a problem.  Depending on what encryption level you are
> running on the Nokia, you may have to modify the control.map file to
> change which encryption scheme is used between the management and that
> module when pushing a policy or logging back to the management.
>
> Jeffrey Hochberg
> Digital Stronghold
> [email protected]
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]]On Behalf Of Tom
> Sevy
> Sent: Friday, November 10, 2000 4:24 PM
> To: 'Frank Darden'; Check Point FW List (E-mail)
> Subject: RE: [FW1] Mixing DES levels?
>
> Since this is an internal FW to protect us from our Vendors, we don't care
> much about encryption.  We won't be using it for any vpn.
>
> I just want to be sure that the 3Des Management Console won't complain
> that it is talking to a lesser [encryption strength] Nokia IP box.
>
> -----Original Message-----
> From: Frank Darden [mailto:[email protected]]
> Sent: Friday, November 10, 2000 3:27 PM
> To: 'Tom Sevy'; Check Point FW List (E-mail)
> Subject: RE: [FW1] Mixing DES levels?
>
> Yes, you can mix DES as well as 3DES, and FWZ1. You'll set the encryption
> level on your action encrypt item in the rulebase.
>
> -----Original Message-----
> From: Tom Sevy [mailto:[email protected]]
> Sent: Friday, November 10, 2000 2:37 PM
> To: Check Point FW List (E-mail)
> Subject: [FW1] Mixing DES levels?
>
> We currently have two IP440's running 4.1 SP2 3Des.
>
> I need to add two new Firewalls (possible IP330, possible IP440) to
> segregate our network from a Vendor router segment (already thought about
> just making this another zone off of existing FW's, but decided to put in
> totally different new units for this task).
>
> Can the new one be less than 3Des?  Or does everything have to stay the
> same?
>
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
   All contents © 2004 Network Presence, LLC. All rights reserved.