Put your site-to-site encryption rules at the beginning of the rulebase, and make sure your default routes are set up properly.
-----Original Message-----
From: Morton, Matthew [mailto:[email protected]]
Sent: Friday, August 30, 2002 9:50 AM
To: [email protected]
Subject: [FW-1] FW to FW VPN Question
Hi all,
Question,
In a FW to FW VPN connecting as follows (LAN to LAN), how can I force all traffic through the VPN tunnel...in other words how do I avoid the local default route taking precedence over and routing encrypted traffic out the local ISP connection?
Remote Office: DSL connection to the internet and Check Point Firewall (Local Default Route is the FW which defaults to the local DSL connection)
Central Office: Several T1s to the internet and Check Point Firewall
All FWs are running Check Point NG FP2 using the same internal address space
We can create a rule to encrypt all traffic (local encryption domain to remote encryption domain) but local internet connections etc., still get routed out the local DSL link. We don't want any split tunneling happening at the remote site. Is it possible to make the rulebase action happen before the routing decision?
Any help is greatly appreciated.
Matt.