[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Adding remote firewall modules
Change in IP address will mean you will need to update the rulebase and reestablish the putkeys. As for sending the config (pushing the policy), by default, FW-1 will use S/Key authentication for all intra firewall traffic, and if you have the VPN-1 license as well, it will use fwa-1 authentication/encryption to send the traffic. In your particular case, I'd advise you install the firewall at your site, so that it accepts telnet or SSH, ship it to site, remotely update putkeys, and then push the policy down. Tim -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[email protected]]On Behalf Of Steve Loughran Sent: 14 November 2001 11:09 To: [email protected] Subject: [FW-1] Adding remote firewall modules Hi all I`m about to upgrade from a single management/firewall unit by adding another firewall unit at another site, and I have a few (probably very simple) questions... If I configure the second firewall unit here, install software, register it with the management module and ship to other site, will the change of IP address cause any problems in the rules base or firewall authentication? When you send the config to the remote firewalls, which IP address does it use? If its the external IP, is that traffic encrypted between management module and firewall module? (We have Internal WAN connection on the inside between the sites) Any other gotchas I need to be aware of that I wouldnt have come across whilst running only a single management/firewall unit? Any help with these issues would be greatly appreciated. Many thanks in advance for your help. -- Steve ------------------------------------------------- Steve Loughran, Network Infrastructure Manager Sony Computer Entertainment Europe (Cambridge) Home Page -> http://sl.scee.sony.co.uk/ Yamaha YZF1000R Thunderace ICQ#: 12666311 (Work), 104426046 (Laptop) Team Waste - Where do you want to go wrong today? =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html =============================================== ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by Dimension Data mail system for the presence of computer viruses. www.uk.didata.com ********************************************************************** =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
|