Re: [FW1] encryption for FW-1 management



I got it working now with IKE pre-shared secrets

2 groups: Local and Remote

Local --- local firewall object and local network
Remote --- remote firewall object and remote network

RULE on both Firewalls:

LOCAL      REMOTE     ANY        ENCRYPT
REMOTE     LOCAL      ANY        ENCRYPT

Please comment.

Thanks

----- Original Message -----
From: "Juan Concepcion" <[email protected]>
To: <[email protected]>; <[email protected]>;
<[email protected]>;
<[email protected]>
Sent: Friday, April 06, 2001 5:02 PM
Subject: RE: [FW1] encryption for FW-1 management


The method by which your firewall and management station communicate is
defined in the control.map.  Within it are certain variables that mitigate
how your firewall will talk to your management, fwz, ssl, or none (no
encryption). By default the communication that exists between the two is
encrypted so long as you have an encryption module loaded.

Juan Concepcion

On Thu, 05 Apr 2001, [email protected] wrote:
> actually, firewall-1 control connections are allowed as a default. What you
> would need to do is go to the global properties and uncheck "enable control
> connections"
>
> Be careful as this will need to be allowed in a rule once unchecked. Try a
> rule like this first.
>
> src                 dst                 service       action
> firewall modules    firewall manage.    fw1 groups    accept
>
> and a reverse rule
>
> hope this helps
>
> when this works change the accept to encrypt
>
>
> "Roelandts, Guy" <[email protected]>
> Sent by: [email protected] kpoint.com
> 04/04/2001 11:22 AM
>
> To: "'Tony Wong'" <[email protected]>
> cc: "'[email protected]'" <[email protected]>
> Subject: RE: [FW1] encryption for FW-1 management
>
> Tony,
>
> Why not just add the FW1_mgmt service to that other encrypting rule? Or
> create a new rule, that is more restrictive, allowing only the real
> management clients encrypted access.
> Met vriendelijke groeten - Bien à vous - Kind regards
>
>
> Guy ROELANDTS
> Compaq - Belgium
> E-mail : [email protected]
> Tel: +32(02)729.77.44 (options  3 - 3 - 1)
> Fax: +32(02)729.77.65
>
>
>      -----Original Message-----
>      From: Tony Wong [mailto:[email protected]]
>      Sent: Tuesday, April 03, 2001 11:21 PM
>      To: [email protected]
>      Subject: [FW1] encryption for FW-1 management
>
>      What do I need to add to my rules in order to encrypt Fw-1 management
>      service from my local Lan to my remote Site?
>
>      We already have a VPN tunnel running between 2 boxes on different
>      networks. Http, telnet, ftp are all showing as encrypted between the
>      two firewalls and LANs but FW-1 Management is not.
>
>      Any help appreciated
>
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================

