[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Management Console IP Address
Carmelo, Placing the management console inside the network is not really a security risk. Unless you have modified the firewall configuration files to allow unauthenticated remote access, then you aren't taking any risk. As a matter of fact, if you were to run VPN with FWZ1 key exchange, you would be forced to publish the address. If you wish, for your peace of mind, you could create an additional network segment off the firewall and place the management station into that segment, but I don't see any value add in doing so. HTH, CryptoTech "Carmelo Marturana @ Corporate" wrote: > I want to set up a distributed firewall/management console arrangement. > > Question: Should the IP address for the management console be within the > range of our NATed (illegal) IPs, hence routable on the internal network, > or should I create an additional IP scheme (DMZ?) and allow it access to the > internal network via firewall rules? > > Thanks.... > > cnm > > ================================================================================ > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================================================ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|