Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Stonebeat and Secure Client Policy server.

To: "'Patrick Desnoyers'" <[email protected]>, "'[email protected]'" <[email protected]>
Subject: RE: [FW1] Stonebeat and Secure Client Policy server.
From: "Luke, Jason (ISS Southfield)" <[email protected]>
Date: Mon, 23 Apr 2001 09:39:44 -0400
Cc: "'[email protected]'" <[email protected]>
Sender: [email protected]

Title: RE: [FW1] Stonebeat and Secure Client Policy server.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Usually, the Policy Server is the firewall gateway itself, and you do
not need to install anything to get it to work. All you need to do
is install a SecureClient license and turn on functionality. I'm not
100% sure, but I think all you need to do can be done in the Policy
Editor. Create a Policy SERVER, with the gateway's address. Go into
Policy Properties->Desktop Policies and configure whatever you need.
Install and test.
Of course, with Stonebeat, things will be trickier. I would try
doing the above for each firewall, ie..make a Policy Server object
for each. Test it, try failing over. I am sure the SC vpns will
fail but you might be able to restart them on the 2nd firewall.
This is what I would try first.

- -----Original Message-----
From: Patrick Desnoyers [mailto:[email protected]]
Sent: Tuesday, April 17, 2001 10:22 AM
To: '[email protected]'
Cc: '[email protected]'
Subject: [FW1] Stonebeat and Secure Client Policy server.

We have a stonebeat fullcluster configuration and we have
secureclient users.

The problem I have is with the policy server. WHERE do I install
it??? I read that I cannot load balance/HA the policy server and I
can't install it on the management server ..... Do I need to install
it on another machine? If so, I probably need a license string for
it... Am I supposed to have it already (since I bought licenses for
Secureclient)?

Also, the Stonebeat Manual says I have to use MEP vpn configuration
with IP pools but the checkpoint manual says that if I use State
synch between my firewalls I dont need MEP. ?!?!?!?!

Thanks for your help... ;-)

**************************************************************
Patrick Desnoyers
Network security administrator
**************************************************************

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>

iQA/AwUBOuQybKIQyPuMAR5UEQKoAgCbBWBbduxm/g7BYrGpXu0VftK8mHcAoMga
XECnYs1oivRbXqfmBabqS7xg
=WkRV
-----END PGP SIGNATURE-----

Follow-Ups:
- [FW1] FW1 Session Authentication via TACACS...perhaps you have tried this.
  - From: "Carl E. Mankinen" <[email protected]>

Prev by Date: Antwort: Re: [FW1] Backups
Next by Date: [FW1] Lots of static routes in IPSO
Previous by thread: [FW1] Stonebeat and Secure Client Policy server.
Next by thread: [FW1] FW1 Session Authentication via TACACS...perhaps you have tried this.
Index(es):
- Date
- Thread