Most
of the Checkpoint manuals talk about SecuRemote when used to a combined
management station/Firewall.
I want
to use SecuRemote to establish a VPN to a Firewall only module. The mangamnet
station for this module is hidden back on the LAN. Is it possible? Is there
anyway to make a Firewall module the Certificate Authority?
Failing this I can punch holes in my Firewall to get at
the management station behind the Firewall to get to the CA, but where does
encryption and authentication take place?
The
way I see it, an incoming connection to the Firewall triggers an access rule,
user enters user name and password. Keys are then exchanged between client and
management station, but where does the encryption take place? Firewall or
Management station? If the CA is on the managment station does the management
station need a Firewall module active?
-Steve
|