[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] VPN-1 <-> non-VPN-1 IPsec rekeying
Greetings list, Administratively, how do you deal with firewall policy changes with VPN connections to non-Checkpoint systems, ala Cisco, SonicWall, FreeSwan, etc.? Under 4.1 SP2, if a new policy is pushed to an enforcement point, SA's between VPN-1 firewalls automatically get reestablished while other IPsec clients/gateways need to clear or restart IPsec services. This is fine for one or two VPN connections but becomes burdensome when dealing with 7-8 sites or multiple policy changes per day. Has anyone checked to see if SP3 allows non-Checkpoint IPsec devices to gracefully reestablish SA's, or other helpful hints on dealing with these types of changes? I'm also interested if Checkpoint users have migrated to IPsec-specific devices, and only use VPN-1 for SecuRemote users. Cheers, --- Gavin ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|