[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Reporting Module - IP @ license ???
This sounds great! However, it doesn't jive with my experience. Since 4.0 (and perhaps even earlier), all interfaces of the firewall have been listed in userc.c on SR client, but I have never been able to successfully encrypt to anywhere except the licensed external interface of the firewall. Might I be doing something wrong? Dan Hitchcock CCNA, MCSE Network Engineer Xylo, Inc.The work/life solution for corporate thought leaders -----Original Message----- From: CryptoTech [mailto:[email protected]] Sent: Monday, December 11, 2000 7:12 PM To: Gaughan, Daniel Cc: 'Dan Hitchcock'; 'Marc Jacquard'; Sumit; 'infosecurite'; 'fw1' Subject: Re: [FW1] Reporting Module - IP @ license ??? In 4.1 sp2, a securemote client is able to do encryption to any of the ip addresses on the firewall it can reach. It will attempt to reach any non-RFC1918 address. The first responding address becomes the peer endpoint. You will notice that in the userc.c file, ALL interfaces are listed. Daniel G. is right on the money that there is NO relation between the licensed ip address and the vpn modules 'workstation' ip address. The only systems on which such a configuration will cause problems is some versions of the Nokia. CryptoTech "Gaughan, Daniel" wrote: > I don't think this is true. You DO have to use the interface closest to the > securemote client as the object defined in objects.C but that is independent > >from the license. (At least in version 4.1 the client got the external > address as part of the topology and then tried to use this address as the > endpoint of the encrypted traffic.) > > Daniel Gaughan > > -----Original Message----- > From: Dan Hitchcock [mailto:[email protected]] > Sent: Monday, December 11, 2000 5:30 PM > To: 'Marc Jacquard'; Sumit; 'infosecurite'; 'fw1' > Subject: RE: [FW1] Reporting Module - IP @ license ??? > > DON'T use the internal address UNLESS you're certain that you'll never need > encryption. Encrypted traffic must pass through the licensed interface. > > Dan Hitchcock > CCNA, MCSE > Network Engineer > Xylo, Inc. >> The work/life solution for corporate thought leaders > > -----Original Message----- > From: Marc Jacquard [mailto:[email protected]] > Sent: Monday, December 11, 2000 1:10 PM > To: Sumit; 'infosecurite'; 'fw1' > Subject: RE: [FW1] Reporting Module - IP @ license ??? > > I recommend that you license the internal IP of the machine. That way if > you ever have an IP change on the external interface, you will not have to > get a new license. > > Marc Jacquard > SR. Systems Engineer > Fujitsu America, INC. > Hilo Office > email: [email protected] > Telephone:> Pager:> > -----Original Message----- > From: [email protected] > [mailto:[email protected]]On Behalf Of > Sumit > Sent: Monday, December 11, 2000 10:34 AM > To: 'infosecurite'; 'fw1' > Subject: RE: [FW1] Reporting Module - IP @ license ??? > > It should be the external IP of your firewall gateway. > > -----Original Message----- > From: [email protected] > [mailto:[email protected]]On Behalf Of > infosecurite > Sent: Monday, December 11, 2000 12:02 PM > To: fw1 > Subject: [FW1] Reporting Module - IP @ license ??? > > Hello, > > which IP address do I need to license when I generate > my checkpoint license (the Management address or one > of my module IP address) ? > > regards, > steve. > > __________________________________________________ > Do You Yahoo!? > Yahoo! Shopping - Thousands of Stores. Millions of Products. > http://shopping.yahoo.com/ > > ============================================================================ > ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ > ==== > > ============================================================================ > ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ > ==== > > ============================================================================ > ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ > ==== > > ============================================================================ > ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ > ==== > > ============================================================================ ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ ==== ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|