Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Secure Remote w/ PKI

To: "TAM,MATTHEW-SK (HP-HongKong,ex1)" <[email protected]>, <[email protected]>
Subject: RE: [FW1] Secure Remote w/ PKI
From: "Adams, Gavin" <[email protected]>
Date: Thu, 18 Jan 2001 10:49:30 -0400
Sender: [email protected]
Thread-index: AcCBQtOcRf2B4eiTQLmWCLhF6FjkfwAGjfyA
Thread-topic: [FW1] Secure Remote w/ PKI

SR works well with other PKIs. Verisign has an OnSite managed PKI
offering that works with FW-1. Also, Microsoft certificate services work
well for both firewall and SR certificates. Basically as long as the PKI
can generate and export PFX standard certificates, SR can import them.
Things to watch out for:

1) CN (common name) - Must be the username as listed in FW-1 user
database
2) CRL - Make sure that the CRL location is accessible by the firewalls
with certificates (HTTP or LDAP are normal methods)
3) Educate users on strong passwords for the certificates. Regular
password policies don't apply to client certificates, which can
dramatically reduce the effectiveness of certificates as an
authentication mechanism. 

HTH,

--- Gavin

 -----Original Message-----
From: 	TAM,MATTHEW-SK (HP-HongKong,ex1) [mailto:[email protected]] 
Sent:	Wednesday, January 17, 2001 22:17
To:	'[email protected]'
Subject:	[FW1] Secure Remote w/ PKI


Hi all,

Have anyone have any experience with Secure Remote and PKI?  From the
doc,
it seems Secure Remote only natively support Entrust Certificates.  Or
can
it import any X.509 certificate like the VPN-1 gateways?  Any links can
be
referenced for this issue?

Thanks!

Regards,

Matthew Tam
HP Consulting
Hewlett-Packard (Hong Kong) Limited

mailto: [email protected]
Tel: (852) 2599-7403
fax: (852) 2506-3592 


========================================================================
========
     To unsubscribe from this mailing list, please see the instructions
at
               http://www.checkpoint.com/services/mailing.html
========================================================================
========




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Follow-Ups:
- [FW1] Firewall Comparisons
  - From: "Rocky Stefano" <[email protected]>

Prev by Date: [FW1] sp3 download
Next by Date: RE: [FW1] sp3 download
Previous by thread: Re: [FW1] Secure Remote w/ PKI
Next by thread: [FW1] Firewall Comparisons
Index(es):
- Date
- Thread