[FW1] SecuRemote / Routing question
Hi... I'm trying to get past a hurdle involving SecuRemote and maybe someone will have a suggestion. I've been told by Checkpoint that it can't be done, but I'm still hopeful that it can.

First, let me briefly explain our environment. We are running a standalone installation of FW-1 4.1 SP3 on an Ultra 5 with Solaris 2.7. We have a relatively simple setup with three interfaces on the fw: an internal, an external "public" and an external "private". We are using the public line for all of our internet traffic and the private line only for our mainframe traffic. We have added a route in Solaris as follows: (route add host [mainframe IP] [gateway of private interface]) that forces anyone trying to hit the mainframe IP to use the gateway of the private line, which is what we want to happen.

I have sat behind the firewall on a test workstation and this scenario seems to work fine. I get out through the public gateway when I access the internet, etc., but when I hit the IP of the mainframe, I go out through the gateway of the private line.

The problem for me comes when I SecuRemote in from home. I can successfully authenticate from home with no problem and ping other machines behind the firewall, etc. The problem comes when I try to access the mainframe. Since the IP of the mainframe is a valid, routable IP, I apparently go straight to it via my home internet connection instead of using the SecuRemote tunnel. The problem with that is, for security purposes, the mainframe will only accept communications from the gateway of our private line. Therefore, when I connect from home, it sees my IP from my ISP and won't let me connect. I would have to be coming from the gateway of the private line, just like I am when I am on the internal network behind the firewall.

I think it makes sense to me why this is happening, but I'm just trying to figure out a way to get around it because our employees need to be able to SecuRemote in from home and access the mainframe through the fw's private line, just as they do from work. Any ideas would certainly be appreciated. If you need any other information or if I haven't explained the situation clearly, feel free to let me know.

Thanks in advance!

Robert