NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Small office integration.



This will work.  However, I would recommend against this solution from a
security perspective.  SecuRemote on an always-on connection (especially
from a static IP address) is a very nice "trusted" connection into your
internal network, both for the intended user and any hacker who manages to
subvert your machine.  If you SR client is some Win98 or NT workstation, it
is not too hard for an experienced hacker
to subvert the SR client and slide into your network on this "trusted"
connection, while all of your logging makes it look like a valid SR session.
Two possible solutions:

1 - Checkpoint SecureClient.  Way too expensive, but a seamless solution for
client-side firewalling.
2 - Checkpoint SmallOffice.  They have teamed with Intrusion.com and Ramp
Networks to build some handy little firewalls with full VPN functionality.
For low user counts, this a great solution - the licensing is much cheaper
than the full-blown FW1 license.

Hope that helps, and isn't too off-topic.

Dan Hitchcock
CCNA, MCSE
Network Engineer
Xylo, Inc. (formerly employeesavings.com)The work/life solution for corporate thought leaders

-----Original Message-----
From: Mark Decker [mailto:[email protected]]
Sent: Thursday, November 16, 2000 1:53 PM
To: Joe Voisin (FW1)
Cc: [email protected]
Subject: RE: [FW1] Small office integration.



Joe,

Here's another option along the lines of Oliver's post, which might be
preferrable if the number of users at the remote location is small.  Many
ISPs will let you have more than one user account and registered IP address
on a DSL or Cable connection, usually for a small add'l fee (e.g. $5/mo per
extra user).  That way you don't need to buy a router or do NAT at the
remote location.  Just attach a hub to the DSL/Cable modem and several users
can SecuRemote to their heart's content.

Mark L. Decker
Rainfinity
[email protected]
www.rainfinity.com> Oliver Bogen wrote:
>
> I think the cheapest way will be:
> you get a normal DSL connection for your User and use Secure Remote over
> the DSL connection.
>
> in case there is more than one User you can use
>   eg. a Zyxel Prestige 128l to connect your local Lan to the Internet via
>   DSL and if you upgrade to SP2 it will be possible for each user to
>   connect to your company via SecureRemote because with SP2 it
>   is possible to use Secure Remote behind a NAT Router ......
>



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.