
RE: [FW1] Nokia FW-1/VPN-1 and SonicWall TELE2 interoperability



The rules should look like this:

Rule  Source          Dest            Action
-------------------------------------------------
1     check           check           encrypt
      sonicwall-1     sonicwall-1
      sonicwall-2     sonicwall-2

2     encrypt-domain  encrypt-domain  encrypt
      sonicnet-1      sonicnet-1
      sonicnet-2      sonicnet-2

Note that both actions are "encrypt".  Also note that this will obviously
not work if you need to use different encryption schemes or data integrity
methods (we use the same for all remote sites, so it isn't an issue here).
If you're using hide mode NAT out to the internet you'll also need to add a
NAT rule in order to contact the remote networks from a machine in
encrypt-domain:

            Original                            Translated
source      dest        service     source      dest        service
-------------------------------------------------------------------
encdomain   sonicnet-1  any         original    original    original
            sonicnet-2

I have left the objects out of a group for ease of readability, but I would
expect a group to behave identically.

Hope that helps - good luck!

Dan Hitchcock
Network [email protected]
Xylo, Inc.
The work/life solution for corporate thought leaders


-----Original Message-----
From: Pearrow, Mark [mailto:[email protected]]
Sent: Friday, January 19, 2001 1:14 PM
To: 'Dan Hitchcock'
Subject: RE: [FW1] Nokia FW-1/VPN-1 and SonicWall TELE2 interoperability


Hi Dan,

Many thanks for your reply. So if you have two sonicwalls for example, you
need the following objects created to represent everything:

- Checkpoint firewall object ("check")
- Encryption domain object for behind the FW-1 ("encrypt-domain")

- Sonicwall workstation object 1 ("sonicwall-1")
- Sonicwall network 1 (private net behind sonicwall) ("sonicnet-1")

- Sonicwall workstation object 2 ("sonicwall-2")
- Sonicwall network 2 (private net behind sonicwall) ("sonicnet-2")

The sonicwall objects are configured to use IKE, 3DES with a pre-shared
secret. 

How do the two rules look exactly with regard to these objects? Like:

Rule  Source          Dest            Action
-------------------------------------------------
1     check           sonicwall-1     accept
      sonicwall-1     check           accept

2     encrypt-domain  sonicnet-1      encrypt
      sonicnet-1      encrypt-domain  encrypt

Specifically, did you use a group to contain the sonicwall objects?

Thanks,

mjp

