
RE: [FW1] Private IP across Internet via a VPN





...some more things to add onto ms. geekgirl's notes (off the top of my
head)...


 - when installing the modules, make sure to do a distributed installation
and select enforcement points...

 - if the modules are existing installations (maybe with mgmt enabled), make
sure that (on Unix platforms) in $FWDIR/conf/product.conf "Management=0" (on
NT) in the registry under
hkey_local_machine/software/checkpoint/fw1/4.1/"Management=0" ... you will
need to restart or fwstop/fwstart after the changes

 - if you are doing NAT for the management station you will need to do a
putkey on the modules for both the invalid mgmt ip and the valid (static
NATed) mgmt ip .. may need to edit the control.map file to allow invalid and
valid address for auth also... see phoneboy (http://www.phoneboy.com/fw1)

 - also make sure that everyone agrees on all hostnames to resolve to the
same IP addresses...otherwise may need to force specific IP by "-n
ip_address" option of putkey see phoneboy (http://www.phoneboy.com/fw1)

 - sometimes re-doing putkeys doesn't work... you have to remove files and
re-do putkeys..see phoneboy (http://www.phoneboy.com/fw1) for some solutions
that work.


Amin Tora
ePlus Technology

-----Original Message-----
From: Ms. Geekgirl [mailto:[email protected]]
Sent: Friday, December 29, 2000 8:49 AM
To: [email protected]; [email protected]
Subject: RE: [FW1] Private IP across Internet via a VPN



quick off the top of my head with some assumptions...

you could run cpconfig(v4.1) or fwconfig(v4.0) and specify
them. you could modify the fwmodules file $FWDIR/conf/masters
and add the ip of the fwmgr. and modify the fwmgr's file
$FWDIR/conf/clients and add the ip's of the modules. make
sure you do a fwstop before and an fwstart after. you'll most
likely have to play with fw putkey too.

>From: infosecurite <[email protected]>
>
>Hello,
>
>How could I define that configuration between two
>checkpoint firewall-1 modules managed by the same
>management station ?
>
>Any documentation ?
>
>regards,
>steve.


gg
(Like a seedling in Spring, green and vulnerable.)




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
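
Added example, not part of either post above: a pre-flight check for an enforcement module's conf directory, covering the two file-level settings the thread names (Management=0 in product.conf, and the management station's address in conf/masters). It assumes product.conf holds key=value lines and masters holds one address per line; the function name and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# audit_module_conf FWDIR MGMT_IP [MGMT_IP...]
# Prints one line per finding and returns the number of findings.
# Assumed formats: product.conf is key=value, masters is one address per line.
audit_module_conf() {
    fwdir=$1; shift
    findings=0

    # 1. An enforcement-only module should have Management=0 in product.conf.
    product="$fwdir/conf/product.conf"
    if [ ! -r "$product" ]; then
        echo "MISSING: $product"; findings=$((findings + 1))
    elif ! grep -q '^[[:space:]]*Management[[:space:]]*=[[:space:]]*0[[:space:]]*$' "$product"; then
        echo "BAD: $product does not set Management=0"; findings=$((findings + 1))
    fi

    # 2. Every management address passed in must be listed in conf/masters.
    #    With a static-NATed management station, pass both the valid and the
    #    invalid address so a half-configured module is reported.
    masters="$fwdir/conf/masters"
    for ip in "$@"; do
        if [ ! -r "$masters" ] || ! grep -qxF "$ip" "$masters"; then
            echo "BAD: $ip not listed in $masters"; findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample: a module still flagged as a management station whose
# masters file lacks the NATed management address (addresses are made up).
demo=$(mktemp -d) && mkdir -p "$demo/conf"
printf 'Management=1\n' > "$demo/conf/product.conf"
printf '10.1.1.5\n' > "$demo/conf/masters"
audit_module_conf "$demo" 10.1.1.5 192.0.2.5 || echo "findings: $?"
rm -rf "$demo"
```

On a real module, call it as `audit_module_conf "$FWDIR" <mgmt addresses>` before the fwstop/fwstart and putkey steps.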
