
[FW1] SecuRemote / Routing question



Hi. I'm trying to get past a hurdle involving SecuRemote and maybe someone
will have a suggestion.  I've been told by Checkpoint that it can't be done,
but I'm still hopeful that it can.  First, let me briefly explain our
environment.  We are running a standalone installation of FW-1 4.1 SP3 on an
Ultra 5 with Solaris 2.7. We have a relatively simple setup with three
interfaces on the fw: an internal, an external "public" and an external
"private". We are using the public line for all of our internet traffic and
the private line only for our mainframe traffic.  We have added a route in
Solaris as follows:
(route add host [mainframe IP] [gateway of private interface]) that forces
anyone trying to hit the mainframe IP to use the gateway of the private
line, which is what we want to happen. I have sat behind the firewall on a
test workstation and this scenario seems to work fine.  I get out through
the public gateway when I access the internet, etc., but when I hit the IP
of the mainframe, I go out through the gateway of the private line.  

The problem for me comes when I SecuRemote in from home.  I can successfully
authenticate from home with no problem and ping other machines behind the
firewall, etc.  The problem comes when I try to access the mainframe.  Since
the IP of the mainframe is a valid, routable IP, I apparently go straight to
it via my home internet connection instead of using the SecuRemote tunnel.
The problem with that is, for security purposes, the mainframe will only
accept communications from the gateway of our private line.  Therefore, when
I connect from home, it sees my IP from my ISP and won't let me connect.  I
would have to be coming from the gateway of the private line, just like I am
when I am on the internal network behind the firewall.  I think it makes
sense to me why this is happening, but I'm just trying to figure out a way
to get around it because our employees need to be able to SecuRemote in from
home and access the mainframe through the fw's private line, just as they do
from work.  

Any ideas would certainly be appreciated.  If you need any other information
or if I haven't explained the situation clearly, feel free to let me know.  

Thanks in advance!

Robert  

