RE: [FW1] SecuRemote: CA, Encryption and Authentication



Yes, I got it to work 2 weeks ago.
What is your setup like?

-----Original Message-----
From: Jan-Ivar Hansen [mailto:[email protected]]
Sent: Tuesday, June 26, 2001 2:36 AM
To: Luke, Jason (ISS Southfield); Steve;
[email protected]
Subject: RE: [FW1] SecuRemote: CA, Encryption and Authentication


Are you sure about this? I tried this method on our firewalls with no
luck.... If I could get this to work it would help me a great deal in a
case I'm currently working on.
 
Jan-Ivar
 
 
-----Original Message-----
From: Luke, Jason (ISS Southfield) [mailto:[email protected]] 
Sent: 22 June 2001 17:35
To: 'Steve'; [email protected]
Subject: RE: [FW1] SecuRemote: CA, Encryption and Authentication
 
You can definitely set it up to only download topology from the
firewall, you no longer need to get it from the mgmt station.
It's been a while so some of what I say might be a little incorrect.
But...
I think with strict FWZ encryption, you need to download topology from
the mgmt station. The firewall will complain about not being a control
station.
However, you can uncheck the "Respond to unauthenticated topology
requests" box in Policy -> Properties.  Create a user, check IKE,
edit his encryption properties, give him an IKE password for topology
downloads.
From then on, I think you can do FWZ encryption, and download the topo
from the firewall, you just need to use the IKE user and password for
the download, and any FWZ user then for the encryption...
You could, of course, do all this with IKE encryption as well.
 
-----Original Message-----
From: Steve [mailto:[email protected]]
Sent: Thursday, June 21, 2001 6:18 PM
To: [email protected]
Subject: [FW1] SecuRemote: CA, Encryption and Authentication
 
Most of the Checkpoint manuals talk about SecuRemote when used to a
combined management station/Firewall.
 
I want to use SecuRemote to establish a VPN to a Firewall only module.
The management station for this module is hidden back on the LAN. Is it
possible? Is there any way to make a Firewall module the Certificate
Authority?
 
Failing this I can punch holes in my Firewall to get at the management
station behind the Firewall to get to the CA, but where does encryption
and authentication take place?
 
The way I see it, an incoming connection to the Firewall triggers an
access rule, user enters user name and password. Keys are then exchanged
between client and management station, but where does the encryption
take place? Firewall or Management station? If the CA is on the
management station does the management station need a Firewall module
active?
 
-Steve
 
 


   All contents © 2004 Network Presence, LLC. All rights reserved.