[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Comm between Mgmt console and fw1 module
Using default control.map entries, yes it does work. Quoting Brian Mulford (recent post, but good cookbook on getting management to work): >I have done this. once you setup NAT, you might have problems with the >PUTKEYS, I did. checkpoint sent me these steps and it worked our great. >1. fwstop on the management >2. fwstop on the firewall >3.delete the authkeys.C file on the firewall >4.Edit the control.map file on the FireWall module by copying the MASTERS >line and pasting it above the existing MASTERS line. Change the word > MASTERS to the invalid IP of the Management module. >5.make sure that the $FWDIR/conf/masters file on the firewall holds >the valid and invalid address of the management server >6.On the Manager: fw putkey <valid managment IP> <firewall IP> >7.On the Manager again: fw putkey <invalid managment IP> <firewall IP> >8.On the FireWall: fw putkey <firewall IP> <valid management IP> >9.On the FireWall again: fw putkey <firewall IP> <invalid managementIP> >10.create in the $FWDIR/conf directory the loggers file. Place the valid >IP of the management in this file >11. fwstart the management >12. fwstart the firewall -----Original Message----- From: Scott Becker [mailto:[email protected]] Sent: Wednesday, January 10, 2001 05:50 To: [email protected] Subject: [FW1] Comm between Mgmt console and fw1 module There was some article that explains IPsec will not work with NAT. If a management console is using private IP address and it manages a number of vpn1 enforcement module thats having public ip addresses, can the management module and the firewall module communicate using fwa1 ? The management module is sitting behind of of the vpn1 enforcement module with internal ip. ideas ??? Thanks. ________________________________________________________________________ _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. ======================================================================== ======== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ======================================================================== ======== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|