[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Small office integration.
This will work. However, I would recommend against this solution from a security perspective. SecuRemote on an always-on connection (especially from a static IP address) is a very nice "trusted" connection into your internal network, both for the intended user and any hacker who manages to subvert your machine. If you SR client is some Win98 or NT workstation, it is not too hard for an experienced hacker to subvert the SR client and slide into your network on this "trusted" connection, while all of your logging makes it look like a valid SR session. Two possible solutions: 1 - Checkpoint SecureClient. Way too expensive, but a seamless solution for client-side firewalling. 2 - Checkpoint SmallOffice. They have teamed with Intrusion.com and Ramp Networks to build some handy little firewalls with full VPN functionality. For low user counts, this a great solution - the licensing is much cheaper than the full-blown FW1 license. Hope that helps, and isn't too off-topic. Dan Hitchcock CCNA, MCSE Network Engineer Xylo, Inc. (formerly employeesavings.com)The work/life solution for corporate thought leaders -----Original Message----- From: Mark Decker [mailto:[email protected]] Sent: Thursday, November 16, 2000 1:53 PM To: Joe Voisin (FW1) Cc: [email protected] Subject: RE: [FW1] Small office integration. Joe, Here's another option along the lines of Oliver's post, which might be preferrable if the number of users at the remote location is small. Many ISPs will let you have more than one user account and registered IP address on a DSL or Cable connection, usually for a small add'l fee (e.g. $5/mo per extra user). That way you don't need to buy a router or do NAT at the remote location. Just attach a hub to the DSL/Cable modem and several users can SecuRemote to their heart's content. Mark L. Decker Rainfinity [email protected] www.rainfinity.com> Oliver Bogen wrote: > > I think the cheapest way will be: > you get a normal DSL connection for your User and use Secure Remote over > the DSL connection. > > in case there is more than one User you can use > eg. a Zyxel Prestige 128l to connect your local Lan to the Internet via > DSL and if you upgrade to SP2 it will be possible for each user to > connect to your company via SecureRemote because with SP2 it > is possible to use Secure Remote behind a NAT Router ...... > ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|