Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] Re: Checkpoint Firewall-1 access behind Linux Nat/Masq

To: [email protected]
Subject: [FW1] Re: Checkpoint Firewall-1 access behind Linux Nat/Masq
From: Johan Lindquist <[email protected]>
Date: Thu, 15 Mar 2001 11:14:42 +0100
Cc: "Timothy F. Lee" <[email protected]>
Organization: C&S Healthcare Management AB
References: <[email protected]>
Sender: [email protected]

"Timothy F. Lee" wrote:
> 
> Thanks much for the reply. Is there a documented FAQ somewhere on what I
> need to do on the Checkpoint end and on the Linux end ot get all this
> working together? Was there anything else you did on the Checkpoint
> firewall other than upgrading to the latest revisions? Thanks.
> 
> On Wed, 14 Mar 2001, bill chmura wrote:
> 
> > I got it working with the most permissive of rule sets on the Linux
> > box.  This is using the latest release of FW1, with SP2 on it - prior
> > to that there were big issues with NAT
> >
> > What version of CP FW1 are you running, and do you have a recent
> > secureremote?
> >
> > -----Original Message-----
> > Subject:  [FW1] Checkpoint Firewall-1 access behind Linux Nat/Masq
> >
> >
> >
> > Hope this isn't a FAQ, but has anyone successfully gotten Checkpoint's
> > SecureClient connecting to their firewall-1 product through a linux
> > firewall box using NAT/Masq? I've tried everything from using Fast NAT
> > (static NAT) to redirecting ports. Nothing seems to be working. Thanks
> > much in advance for any pointers or assistance.
> >
> > --tim

On a not totally unrelated note, I have SR working just fine from behind
an OpenBSD 2.8 router running ipnat and (quite restrictive) ipf,
masquerading my internal RFC1918 network using one legal (static ADSL)
IP. All I did was change the SR config to make it use encapsulated UDP,
all according to the instructions at phoneboy (can't recall the specific
link right off hand) and now everything works like a charm, even SDL and
browsing the infamous network neighborhood if I feel like it. I can even
have more than one host on the internal network running SR at the same
time.

I do however have both a wins server setup in the office LAN as well as
a complete hosts file containing the pertinent hosts (DNS, WINS, FW,
domain controller et al).

The FW-1 is 4.1 SP2 (VPN-1 3DES) on a Nokia IP330.

hth,

     /Johan Lindquist

-- 
Public PGP key available at http://www.cshealthcare.se/~johan/PGP/ or
                            ldap://certserver.pgp.com/

================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- RE: [FW1] Checkpoint Firewall-1 access behind Linux Nat/Masq
  - From: "Timothy F. Lee" <[email protected]>

Prev by Date: Re: [FW1] Solaris8
Next by Date: [FW1] Securemote Problem
Previous by thread: RE: [FW1] Checkpoint Firewall-1 access behind Linux Nat/Masq
Next by thread: [FW1] specifying ICMP types and codes in "match" statement
Index(es):
- Date
- Thread