[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [FW1] Stonebeat and Secure Client Policy server.
Title: RE: [FW1] Stonebeat and Secure Client Policy server.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Usually, the Policy Server is the firewall gateway itself, and you do
not need to install anything to get it to work. All you need to do
is install a SecureClient license and turn on functionality. I'm not
100% sure, but I think all you need to do can be done in the Policy
Editor. Create a Policy SERVER, with the gateway's address. Go into
Policy Properties->Desktop Policies and configure whatever you need.
Install and test.
Of course, with Stonebeat, things will be trickier. I would try
doing the above for each firewall, ie..make a Policy Server object
for each. Test it, try failing over. I am sure the SC vpns will
fail but you might be able to restart them on the 2nd firewall.
This is what I would try first.
- -----Original Message-----
From: Patrick Desnoyers [mailto:[email protected]]
Sent: Tuesday, April 17, 2001 10:22 AM
To: '[email protected]'
Cc: '[email protected]'
Subject: [FW1] Stonebeat and Secure Client Policy server.
We have a stonebeat fullcluster configuration and we have
secureclient users.
The problem I have is with the policy server. WHERE do I install
it??? I read that I cannot load balance/HA the policy server and I
can't install it on the management server ..... Do I need to install
it on another machine? If so, I probably need a license string for
it... Am I supposed to have it already (since I bought licenses for
Secureclient)?
Also, the Stonebeat Manual says I have to use MEP vpn configuration
with IP pools but the checkpoint manual says that if I use State
synch between my firewalls I dont need MEP. ?!?!?!?!
Thanks for your help... ;-)
**************************************************************
Patrick Desnoyers
Network security administrator
**************************************************************
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>
iQA/AwUBOuQybKIQyPuMAR5UEQKoAgCbBWBbduxm/g7BYrGpXu0VftK8mHcAoMga
XECnYs1oivRbXqfmBabqS7xg
=WkRV
-----END PGP SIGNATURE-----