[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] About SecuRemote
On the contrary, if you use FWZ, you get a certificate authority structure automatically. When you set up FWZ encryption on a firewall object, the FWZ Properties tabs require you to create a set of keys: - 1 management key for the management station - 1 Diffie-Helman key for the individual firewall module If you are running a hybrid-mode IKE environment, SecuRemote still requires that there be an FWZ Certificate structure. So, to use Hybrid mode IKE: 1: enable FWZ 2: Generate FWZ Keys 3: Enable IKE 4: Enable Hybrid mode 5: Create the InternalCA and certify the firewall(s) You then modify the users so that the user encryption specified is IKE, not FWZ Tim -- Timothy Frost mailto:[email protected] EDS New Zealand Fax: +64-4-495-0473 8 Gilmer Terrace Phone: +64-4-495-0504 P O Box 3647 Wellington New Zealand -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Wednesday, April 25, 2001 3:45 AM To: [email protected]; [email protected] Subject: AW: [FW1] About SecuRemote Hi, I do not know that Error, but why don't you use FWZ as encryption scheme. It does not require a certificate authority. --Joerg -----Ursprüngliche Nachricht----- Von: F.Iga [mailto:[email protected]] Gesendet: Montag, 23. April 2001 13:58 An: [email protected] Betreff: [FW1] About SecuRemote Hello all, Does anyone know about the above message from SecuRemote ? Error : Site ..xxx.xxx says that it is not a Certificate Authority. Check whether you have got the right IP-address for xxx.xxx.xxx.xxx. and check with the FW-1 system manager there whether xxx.xxx.xxx.xxx is indeed a FW-1 control station. Firewall management station in inside network managed the firewall-1. And it is reported the above error message from SecuRemote when SecuRemote connect to firewall-1 machine. Thanks in advance, Igarashi. ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|