
RE: [FW1] Reporting Module - IP @ license ???



Dan,

The IP address listed on the fw object general tab
is the one that gets plugged into the userc.C file.

Look at the section just below Options called :gws.
The :obj IP listed is the address the SR client is going
to contact in v4.0.

If you have an internal address listed, kill SR, change the
userc.C to the external IP of your fw, save and restart SR.

Under most circumstances, if you update your site, you'll
have to edit the file again, but not always (haven't spent
the time to figure out under which circumstances). Unless you
update often, this isn't too much of a problem. But then again
I don't have thousands of clients using SR either.

This is why others have disagreed about having to use the
licenced address.

Robert

- -
Robert P. MacDonald, Network Engineer
Team Lead, e-Business Infrastructure
G o r d o n   F o o d    S e r v i c e
Voice:email: [email protected]

>>> Dan Hitchcock <[email protected]> 12/12/00 9:27:07 AM >>>
>
>This sounds great!  However, it doesn't jive with my experience.  Since 4.0
>(and perhaps even earlier), all interfaces of the firewall have been listed
>in userc.c on SR client, but I have never been able to successfully encrypt
>to anywhere except the licensed external interface of the firewall.  Might I
>be doing something wrong?
>
>Dan Hitchcock
>CCNA, MCSE
>Network Engineer
>Xylo, Inc.
>>The work/life solution for corporate thought leaders
>
>-----Original Message-----
>From: CryptoTech [mailto:[email protected]] 
>Sent: Monday, December 11, 2000 7:12 PM
>To: Gaughan, Daniel
>Cc: 'Dan Hitchcock'; 'Marc Jacquard'; Sumit; 'infosecurite'; 'fw1'
>Subject: Re: [FW1] Reporting Module - IP @ license ???
>
>In 4.1 sp2, a securemote client is able to do encryption to any of the ip addresses
>on the firewall it can reach.  It will attempt to reach any non-RFC1918 address.
>The first responding address becomes the peer endpoint.  You will notice that in the
>userc.c file, ALL interfaces are listed.
>
>Daniel G. is right on the money that there is NO relation between the licensed ip
>address and the vpn module's 'workstation' ip address.  The only systems on which
>such a configuration will cause problems are some versions of the Nokia.
>
>CryptoTech
>
>"Gaughan, Daniel" wrote:
>
>> I don't think this is true. You DO have to use the interface closest to the
>> securemote client as the object defined in objects.C but that is independent
>> from the license. (At least in version 4.1 the client got the external
>> address as part of the topology and then tried to use this address as the
>> endpoint of the encrypted traffic.)
>>
>> Daniel Gaughan
>>
>> -----Original Message-----
>> From: Dan Hitchcock [mailto:[email protected]] 
>> Sent: Monday, December 11, 2000 5:30 PM
>> To: 'Marc Jacquard'; Sumit; 'infosecurite'; 'fw1'
>> Subject: RE: [FW1] Reporting Module - IP @ license ???
>>
>> DON'T use the internal address UNLESS you're certain that you'll never need
>> encryption.  Encrypted traffic must pass through the licensed interface.
>>
>> Dan Hitchcock
>> CCNA, MCSE
>> Network Engineer
>> Xylo, Inc.
>>>> The work/life solution for corporate thought leaders
>>
>> -----Original Message-----
>> From: Marc Jacquard [mailto:[email protected]] 
>> Sent: Monday, December 11, 2000 1:10 PM
>> To: Sumit; 'infosecurite'; 'fw1'
>> Subject: RE: [FW1] Reporting Module - IP @ license ???
>>
>> I recommend that you license the internal IP of the machine.  That way if
>> you ever have an IP change on the external interface, you will not have to
>> get a new license.
>>
>> Marc Jacquard
>> SR. Systems Engineer
>> Fujitsu America, INC.
>> Hilo Office
>> email: [email protected] 



