[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] The interface to register the license for FireWall-1

To: [email protected]
Subject: Re: [FW-1] The interface to register the license for FireWall-1
From: "Colmer, Philip" <[email protected]>
Date: Thu, 5 Sep 2002 21:20:47 +0100
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

> For example, please confirem the following situation.
> The computer with FireWall-1 installed on  has three interfaces.
> Its interfaces are DMZ, External and Internal interface respectively.
> Even if I register the license for the FireWall-1 on whatever interface
> of these three,
> is it not much of a problem ?
> Generally speaking, I suppose, in most cases, that the license for
> FireWall-1
> will registerd on the external interface of FireWall-1 machine.
> Some of my clients I know register its license on the internal interface.
> But, if you register the license for FireWall-1 on the internal interface,
> I  have heard that the connection to the internal network  through
> FireWall-1
> with SecuRemote could often fail.

This is indeed what is experienced by other people, including ourselves.

Best practice suggests that you do indeed license the external interface. In
practice, this means defining the primary IP address of the firewall as the
external IP address - i.e. when you first define the node, the IP address
you enter is the external one.

Even better, if you've got a separate management station, you actually
licence the management station first. You then ensure that the primary IP
address of the firewall is the external IP address. You then attach the
licence to the firewall.

Hope that helps.

--Philip

--
Philip Colmer MBCS CEng                 Tel: 01223 271223
I.T. Manager                            Fax: 01223 215513
ProQuest Information & Learning
The Quorum, Barnwell Road, Cambridge, CB5 8SW

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: Re: [FW-1] How to Start CPMI in NGFP2
Next by Date: [FW-1] Nokia ip400 VRRP problems
Prev by thread: Re: [FW-1] The interface to register the license for FireWall-1
Next by thread: Re: [FW-1] How to Start CPMI in NGFP2
Index(es):
- Date
- Thread