Re: [FW1] encryption for FW-1 management
I got it working now with IKE pre-shared secrets

2 groups: Local and Remote

Local  --- local firewall object and local network
Remote --- remote firewall object and remote network

RULE on both Firewalls:

LOCAL   REMOTE  ANY  ENCRYPT
REMOTE  LOCAL   ANY  ENCRYPT

please comment.

Thanks

----- Original Message -----
From: "Juan Concepcion" <[email protected]>
To: <[email protected]>; <[email protected]>; <[email protected]>; <[email protected]>
Sent: Friday, April 06, 2001 5:02 PM
Subject: RE: [FW1] encryption for FW-1 management

The method by which your firewall and management station communicate is defined in the control.map. Within it are certain variables that mitigate how your firewall will talk to your management, fwz, ssl, or none (no encryption). By default the communication that exists between the two is encrypted so long as you have an encryption module loaded.

Juan Concepcion

On Thu, 05 Apr 2001, [email protected] wrote:

> actually, firewall-1 control connections are allowed as a default. What you
> would need to do is go to the global properties and uncheck "enable control
> connections"
>
> Be careful as this will need to be allowed in a rule once unchecked. try a
> rule like this first.
>
> src ---------------- dst ---------------- service ------- action
>
> firewall modules     firewall manage.     fw1 groups      accept
>
> and a reverse rule
>
> hope this helps
>
> when this works change the accept to encrypt
>
>
> "Roelandts, Guy" <[email protected]>
> Sent by: [email protected]
> To: "'Tony Wong'" <[email protected]>
> cc: "'[email protected]'" <[email protected]>
> Subject: RE: [FW1] encryption for FW-1 management
> 04/04/2001 11:22 AM
>
> Tony,
>
> Why not just add the FW1_mgmt service to that other encrypting rule? Or
> create a new rule, that is more restrictive, allowing only the real
> management clients encrypted access.
>
> Met vriendelijke groeten - Bien à vous - Kind regards
>
> Guy ROELANDTS
> Compaq - Belgium
> E-mail : [email protected]
> Tel: +32(02)729.77.44 (options 3 - 3 - 1)
> Fax: +32(02)729.77.65
>
> -----Original Message-----
> From: Tony Wong [mailto:[email protected]]
> Sent: Tuesday, April 03, 2001 11:21 PM
> To: [email protected]
> Subject: [FW1] encryption for FW-1 management
>
> What do I need to add to my rules in order to encrypt Fw-1 management
> service from my local Lan to my remote Site?
>
> We already have a VPN tunnel running between 2 boxes on different
> networks. Http, telnet, ftp are all showing as encrypted between the
> two firewalls and LANs but FW-1 Management is not.
>
> Any help appreciated
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================