|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW1] Management module separation and SecuRemote access through NAT
Christian,
A better route would be to have the policy be obtained from
the enforcement point, by disallowing 'Unauthenticated Cleartext Topology
requests." There is no reason to give external people access to the
management station at all.
CryptoTech
Christian ALT wrote:
Up
to now we had the firewall module and the management module on the same
system. We have users accessing with SecuRemote. We are going to split
the management module from the firewall. The firewall is performing NAT
to the internal LAN. The management station will be located on the LAN.
Do we have to use an official IP address for the management station in
order to be accessed by SecuRemote, or can we use static NAT. In this situation
what is the site name or Ip address does it become the one of the management
station ? My answer
is that the management station has to be NATed and accessible from outside.
The site definition in SecuRemote is the management station's IP address. Please
correct me if I'm wrong Christian
ALT Telecom and Logistics
Associates
Network and Security Company
|
|
|