Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Reporting Module - IP @ license ???

To: Dan Hitchcock <[email protected]>
Subject: RE: [FW1] Reporting Module - IP @ license ???
From: "Chris 'Chipper' Chiapusio" <[email protected]>
Date: Mon, 11 Dec 2000 22:06:57 -0500 (EST)
Cc: "'Marc Jacquard'" <[email protected]>, Sumit <[email protected]>, "'infosecurite'" <[email protected]>, "'fw1'" <[email protected]>, <[email protected]>
In-reply-to: <4D9EE0A4BFECD311B7CA83752@srv_web.corp.xylo.com>
Sender: [email protected]

I feel its important to clear this all up.  I can speak with authority on
all the items (however distant from the orignal question).

Onward...

On Mon, 11 Dec 2000, Dan Hitchcock wrote:

>
>DON'T use the internal address UNLESS you're certain that you'll never need
>encryption.  Encrypted traffic must pass through the licensed interface.

I presume you are referring to an enforcment point (inspect module, VFM,
whatever) and you are wrong. dead wrong.  I license my heartbeat interface
on my nokias so I have IP mobility like Marc describes below.

>
>-----Original Message-----
>From: Marc Jacquard [mailto:[email protected]]
>Sent: Monday, December 11, 2000 1:10 PM
>To: Sumit; 'infosecurite'; 'fw1'
>Subject: RE: [FW1] Reporting Module - IP @ license ???
>
>I recommend that you license the internal IP of the machine.  That way if
>you ever have an IP change on the external interface, you will not have to
>get a new license.

Fujitsu is lucky to have you. You are not only correct, but also have
fore thought.

>
>It should be the external IP of your firewall gateway.

shoulda, woulda, coulda

>-----Original Message-----
>From: [email protected]
>[mailto:[email protected]]On Behalf Of
>infosecurite
>Sent: Monday, December 11, 2000 12:02 PM
>To: fw1
>Subject: [FW1] Reporting Module - IP @ license ???
>
>
>
>Hello,
>
>which IP address do I need to license when I generate
>my checkpoint license (the Management address or one
>of my module IP address) ?
>
>regards,
>steve.

Steve, sorry it took so long for someone to read both the subject and body
of your message, but just to be clear lets spell it out for everyone:

You bought a reporting module, you want to know what IP to license it to.
correct?

the answer: it depends (as usual)

You need to install Reporting module on a machine that has firewall logs
on it, which means either your management station, or a Customer Log
Module (CLM Licensed host) that you have configured your firewalls to log
to (possibly in addition to you management station).

So, in short, license it to the ip of you managment station, or if you
wish to run it on seperate hardware, also buy a CLM licence (I understand
that do not cost much) and run it on its own machine.

as yourself: Why couldn't my vendor answer this?

Chipper

------
                    Please encrypt anything important.
PGP Key: http://wwwkeys.pgp.net:11371/pks/lookup?op=get&search=0x6CFA486D

================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- RE: [FW1] Reporting Module - IP @ license ???
  - From: Dan Hitchcock <[email protected]>

Prev by Date: Re: [FW1] Dynamic IPSEC in Checkpoint VPN
Next by Date: Re: [FW1] Reporting Module - IP @ license ???
Previous by thread: RE: [FW1] Reporting Module - IP @ license ???
Next by thread: RE: [FW1] Reporting Module - IP @ license ???
Index(es):
- Date
- Thread