RE: [FW1] Nokia FW-1/VPN-1 and SonicWall TELE2 interoperability
The rules should look like this:

Rule   Source           Dest             Action
-------------------------------------------------
1      check            check            encrypt
       sonicwall-1      sonicwall-1
       sonicwall-2      sonicwall-2
2      encrypt-domain   encrypt-domain   encrypt
       sonicnet-1       sonicnet-1
       sonicnet-2       sonicnet-2

Note that both actions are "encrypt". Also note that this will obviously not work if you need to use different encryption schemes or data integrity methods (we use the same for all remote sites, so it isn't an issue here).

If you're using hide mode NAT out to the internet you'll also need to add a NAT rule in order to contact the remote networks from a machine in encrypt-domain:

Original                              Translated
source      dest         service      source     dest       service
-------------------------------------------------------------------
encdomain   sonicnet-1   any          original   original   original
            sonicnet-2

I have left the objects out of a group for ease of readability, but I would expect a group to behave identically.

Hope that helps - good luck!

Dan Hitchcock
Network [email protected]
Xylo, Inc.
The work/life solution for corporate thought leaders

-----Original Message-----
From: Pearrow, Mark [mailto:[email protected]]
Sent: Friday, January 19, 2001 1:14 PM
To: 'Dan Hitchcock'
Subject: RE: [FW1] Nokia FW-1/VPN-1 and SonicWall TELE2 interoperability

Hi Dan,

Many thanks for your reply. So if you have two sonicwalls for example, you need the following objects created to represent everything:

- Checkpoint firewall object ("check")
- Encryption domain object for behind the FW-1 ("encrypt-domain")
- Sonicwall workstation object 1 ("sonicwall-1")
- Sonicwall network 1 (private net behind sonicwall) ("sonicnet-1")
- Sonicwall workstation object 2 ("sonicwall-2")
- Sonicwall network 2 (private net behind sonicwall) ("sonicnet-2")

The sonicwall objects are configured to use IKE, 3DES with a pre-shared secret. How do the two rules look exactly with regard to these objects?
Like:

Rule   Source           Dest             Action
-------------------------------------------------
1      check            sonicwall-1      accept
       sonicwall-1      check            accept
2      encrypt-domain   sonicnet-1       encrypt
       sonicnet-1       encrypt-domain   encrypt

Specifically, did you use a group to contain the sonicwall objects?

Thanks,
mjp