Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] NG, Licensing and Remote Management

To: [email protected]
Subject: [FW-1] NG, Licensing and Remote Management
From: "Steve B." <[email protected]>
Date: Thu, 17 Jan 2002 21:06:22 +0000
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Hi,

I'm currently installing NG-FP1 using private IP's for both the management workstation and the enforcement modules - E.G.

management - 10.0.0.10
firewall-a - 10.0.0.1
firewall-b - 10.0.0.2

This is configured with the "centralised" license scheme and I understand that it is no longer necessary to license against the external IP on the enforcement modules? Instead, the external interface(s) are simply nominated within the firewall object.

To allow external access to the management console I will add a static NAT rule.

Now for my question!

I have a Nokia Box located remotely which I wish to manage using my local management station. Given NG hasn't been released for IPSO yet I don't think I have an issue at present with communication taking place against the external static nat IP of the management station (let's call that 123.0.0.10).

What happens if/when I upgrade to NG? I'm using the centralised licensing scheme - I don't license the enforcement module with it's own IP but that of the associated management console - in this case 10.0.0.10.

Given this, will this cause issues with communication between the Nokia and my remote management console? Is there a facility within NG enforcement to say that communication to 10.0.0.10 is via 123.0.0.10? Or should I have licensed my management console with a public facing IP (this goes against what I have been taught in the past)? Or can I just get away with licensing the enforcement module with the external management IP? Or just use the "local license" option and license the Nokia external IP?

Hopefully there is a simple answer and I've just missed the point!

My thanks for reading this.

Regards,

Steve.

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: [FW-1] I thought that Sofaware cannot be managed by Check Point Management?
Next by Date: Re: [FW-1] New Linksys VPN
Previous by thread: Re: [FW-1] Checkpoint FW-1 2000 installation on Windows 2000
Next by thread: [FW-1] Mapped services
Index(es):
- Date
- Thread