Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] VPN with DES AND 3DES

To: [email protected]
Subject: Re: [FW-1] VPN with DES AND 3DES
From: LEFEVRE David <[email protected]>
Date: Tue, 13 Nov 2001 15:41:56 +0100
Comments: To: "Roelandts, Guy" <[email protected]>
Organization: CARDIF - Security Team
References: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Thanks, I hadn't noticed this.

By the way, Do you have an idea why a
fw ver says

 Check Point VPN-1[TM] & FireWall-1(R) Version 4.1 Build 41 [VPN + DES]

and a fw printlic says :

 @IP never xx-xxx-3DES-xxxx

FYI, it had a license upgrade, did I miss something during the upgrade ?

Thanks


"Roelandts, Guy" wrote:
>
> David,
>
>    With regards to the DES/3DES problem, what does a fw ver tell you on both
>  Firewalls, if you are running 3DES software you should get :
>
>         This is Check Point VPN-1[TM] & FireWall-1(R) Version 4.1 Build
> 41nnn
>         [VPN + DES + STRONG]
>
>         if you are running only the DES version I think you should get
>
>         This is Check Point VPN-1[TM] & FireWall-1(R) Version 4.1 Build
> 41nnn
>         [VPN + DES]
>
>    With regards to the other question, I think this should work, don't see
>  why it wouldn't
>
> Met vriendelijke groeten - Bien à vous - Kind regards
>
> Guy ROELANDTS
> EMEA GS Internet Expertise Centre - CCSA & CCSE
> Compaq Software Engineer - Belgium
> E-mail : [email protected]
> Tel: +32(02)729.77.44 (options  3 - 3 - 1)
> Fax: +32(02)729.77.65
>
> =====================================================================
> This message may contain confidential and/or proprietary information,
> and is intended only for the person/entity to whom it was originally
> addressed. The content of this message may contain private views and
> opinions which do not constitute a formal disclosure or commitment
> unless specifically stated. Should you receive this message by mistake
> please inform the sender immediately.
> =====================================================================
>
> -----Original Message-----
> From: LEFEVRE David [mailto:[email protected]]
> Sent: Tuesday, November 13, 2001 12:00 PM
> To: [email protected]
> Subject: [FW-1] VPN with DES AND 3DES
>
> Hello all,
>
> I've searched for documentation, but nothing.
>
> I've got the following problem :
> I have 2 firewalls with a 3DES license for VPN encryption.
> The first one accept to choose 3DES in the enxryption properties in my
> rules,
> the second one denies it.
>
> As the 2 machines are differents systems, I can not compare the 2
> installations
> (one Linux / One solaris).
>
> On the solaris one, in the encryption properties I can only choose between
> CAST/DES/DES-40CP/Null
> and a "fw printlic -k" gives me a 3DES license.
>
> First question : does anybody know why I do NOT have 3DES in my choice list
> ????
>
> Second question : each rule applies on a group of workstations, is it
> possible, with
> the same firewall based VPN, to have different encryption levels ???
>
> I mean, is it possible to have :
>
> rule 1 : GRP-VPN-BASE / FAR-AWAY1 / Encrypt (DES)  /  Log  /  FW_for_VPN /
> every time
> rule 2 : GRP-VPN-BASE / FAR-AWAY2 / Encrypt (3DES) /  Log  /  FW_for_VPN /
> every time
>
> in the same rulebase ?
>
> Thanks for all.
> Best regards
> --
> David LEFEVRE
> CARDIF - Architecture et Sécurité Opérationnelle
> [email protected] - Tél : 01 41 42 76 63
>      [email protected] - Tel : 01 41 42 24 22
>
> ===============================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ===============================================

--
David LEFEVRE
CARDIF - Architecture et Sécurité Opérationnelle
[email protected] - Tél : 01 41 42 76 63
     [email protected] - Tel : 01 41 42 24 22


**********************************************************************
L'intégrité de ce message n'étant pas assurée sur Internet,
CARDIF ne peut être tenu responsable de son contenu.
Si vous n'êtes pas destinataire de ce message confidentiel,
Merci de le détruire et d'avertir immédiatement l'expediteur.

The integrity of this message cannot be guaranteed on the
Internet. CARDIF can not therefore be considered responsible
for the contents.
If you are not the intended recipient of this confidential message,
then please delete it and notify immediately the sender.

**********************************************************************

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

Follow-Ups:
- Re: [FW-1] VPN with DES AND 3DES
  - From: Lars Troen <[email protected]>

References:
- Re: [FW-1] VPN with DES AND 3DES
  - From: "Roelandts, Guy" <[email protected]>

Prev by Date: Re: [FW-1] NG or Provider-1?
Next by Date: Re: [FW-1] VPN with DES AND 3DES
Previous by thread: Re: [FW-1] VPN with DES AND 3DES
Next by thread: Re: [FW-1] VPN with DES AND 3DES
Index(es):
- Date
- Thread