Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RE: [FW1] FWZ, SecureClient and Topolgies

To: [email protected]
Subject: Re: RE: [FW1] FWZ, SecureClient and Topolgies
From: "Richard Turner" <[email protected]>
Date: Sun, 1 Apr 08:42:56 2001 +0100
Sender: [email protected]

I'm a little confused. This is an IKE only configuration and FWZ-only
users can't use this method? Are you saying that putting FWZ on the
firewall is there for IKE authenticated topology downloads and not
for the benefit of FWZ users. Looks like I missed out the bit about
wanting this for FWZ and not IKE users in my orig posting as it
looked as if I could avoid having my management server accessable by
the internet (even if it is just for FW-1 protocols)

regards

Richard Turner


>-------- ORIGINAL MESSAGE BELOW --------
>FWZ=managment server (unauthenticated)
>
>IKE=FireWall-1,managment (authenticated from FireWall, not authenticated if
>from managment)
>
> For topo downloads from FireWall using IKE, you must uncheck the respond to
>unauthenticated topo requests option. Or you must also have FWZ enabled on
>the FireWall. Beware, this will allow users to download topo
>unauthenticated.
>
>> -----Original Message-----
>> From: [email protected]
>> [mailto:[email protected]]On Behalf Of
>> Richard Turner
>> Sent: Saturday, March 31, 2001 1:31 AM
>> To: [email protected]
>> Subject: [FW1] FWZ, SecureClient and Topolgies
>>
>>
>>
>> I've heard that you can now define a site and pull the secureclient
>> site topology using the address of the firewall module rather that
>> the management module providing you have authenticated, possibly with
>> a policy server. Has anyone seen this work - I'm running CP2000 with
>> SP3 and the latest build Secureclient. All I get from the SC is "this
>> object is not a Certificate Authority"...
>>
>> It was mentioned that I need to have IKE enabled as well(?)but it
>> doesn't help.
>>
>> Any thoughts?
>>
>> regards
>>
>> Richard Turner
>>
>>
>> ______________________________________________________________________
>>
>> First Option's outgoing email policy is at
>> http://www.firstoption.com/emailpolicy.html, but a short summary is :-
>>
>> - all email/attachments are confidential; do not use, circulate
>> or release
>> without our consent
>>
>> - email is not authorised unless it is on First Option business
>>
>> - email is not binding unless it is from an authorised person
>> and is signed with a digital certificate
>>
>> First Option Ltd. - Switchboard +44 (0) 1962 738200
>> Signal House, Jacklyns Road, Alresford, Hants, SO24 9JJ, United Kingdom
>> _______________________________________________________________________
>>
>>
>> ==================================================================
>> ==============
>>      To unsubscribe from this mailing list, please see the instructions at
>>                http://www.checkpoint.com/services/mailing.html
>> ==================================================================
>> ==============
>>
>


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Next by Date: Re: [FW1] Recommended Plataform Solaris???
Next by thread: [FW1] Gabriel needs Nokia IP650 info please!
Index(es):
- Date
- Thread