| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FW1] Securemote solution design question
I have a question as to the design of a solution for securemote VPN access.
I have three main "hubs" all interconnected via Frame Relay. Each hub also
has it's own Internet connectivity. Each hub has it's own mgmt console
managing a Checkpoint FW, one of which is in distributed fashion (mgmt
separated out).
Site A - Distributed Mgmt Console and FW
Site B - Mgmt and FW on same box
Site C - Mgmt and FW on same box
Currently I have my SR users connect and download topologies from my
distributed mgmt console at site A. Some SR users also connect to site B's
FW for access to resources behind that particular FW.
My question is this:
Considering we are going to be implimenting MEP, what's a good design for
topology downloads ? Should I create CA's on each FW and have the SR
clients access the FW's themselves for topo downloads as opposed to each
mgmt console individually ? What are the advantages and disadvantages of
each ? Keep in mind that I also have remotes sites interconnected behind
each hub site on an internal WAN.
thanks in advance
Chad Smith
Sr. Network Engineer
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
|
|
