[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] Securemote solution design question
I have a question as to the design of a solution for securemote VPN access. I have three main "hubs" all interconnected via Frame Relay. Each hub also has it's own Internet connectivity. Each hub has it's own mgmt console managing a Checkpoint FW, one of which is in distributed fashion (mgmt separated out). Site A - Distributed Mgmt Console and FW Site B - Mgmt and FW on same box Site C - Mgmt and FW on same box Currently I have my SR users connect and download topologies from my distributed mgmt console at site A. Some SR users also connect to site B's FW for access to resources behind that particular FW. My question is this: Considering we are going to be implimenting MEP, what's a good design for topology downloads ? Should I create CA's on each FW and have the SR clients access the FW's themselves for topo downloads as opposed to each mgmt console individually ? What are the advantages and disadvantages of each ? Keep in mind that I also have remotes sites interconnected behind each hub site on an internal WAN. thanks in advance Chad Smith Sr. Network Engineer ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|