[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Securemote: Encrypt every connection ???
Hi ! Thanks for your help! The background to my question was, that i want to secure a wireless lan. Therefore i want to encrypt _every_ connection that goes over the wireless lan via our firewall, to either the internal network, or the Internet. I just got it work (after you gave me a hint) ! I had to define a lot of networks, because the 0.0.0.0 did not work. (and a 1.0.0.0 with subnetmask 128.0.0.0 was always changed by checkpoint to 0.0.0.0 subnetmask 128.0.0.0, which did not work for me.) Therefore i defined the "whole internet" ad several Networks, just excluding the network where my client resides. (eg: 1.0.0.0/8 2.0.0.0/7 4.0.0.0/6 8.0.0.0/5 ...) I made a Group with those networks, and a changed the encryption domain to this "Group of Networks" > Using an IP of 0.0.0.0 with a 0.0.0.0 mask > matches every packet and is incorrect. > VPN's have a concept of encryption domains and > encrypt data only belonging to that domain. > Matching all packets breaks this concept. > You need to distinguish > what is behind the VPN and what isn't and > userc.C will reflect this. > > If you setup the VPN per the doc/phoneboy it > will encrypt all traffic destined to your > site as advertised. __________________________________________________ Do You Yahoo!? Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month. http://geocities.yahoo.com/ps/info1 =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
|