Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1]

To: [email protected]
Subject: Re: [FW-1]
From: "Neil Kemp (Business Sense)" <[email protected]>
Date: Fri, 8 Aug 2003 09:14:06 +0100
Importance: Normal
In-reply-to: <[email protected]>
Organization: Business Sense IT Limited
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

If it is a non fw1 product, it needs to be set in traditional mode.

I have found it better to set up a VPN in traditional mode if the
firewalls are pre- NG.

Regards

Neil Kemp
Security Consultant
Business Sense IT Ltd
  _____


Suite 296, 17 Holywell Hill,
St Albans, AL1 1DT.
Å
+44 (0) 8700 201694
Ë
+44 (0) 7958 545129
Ê
07092 153679
+
[email protected]
"
http://www.businesssense.co.uk
http://www.secureadvice.co.uk


















-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]] On Behalf Of rif raf
Sent: 07 August 2003 20:48
To: [email protected]
Subject: [FW-1]

We are in the process of setting up a site-to-site vpn between our NG
FP2
and an externally managed V4.1.

Firstly, I need to check with the other folks on what is the difference
creating a policy in simplified and traditional modes.

Using traditional mode, stuff like "support aggressive mode" can be set
under the IKE/Advanced option.
However, this is not possible under simplified mode when the
firewall/vpn
object is attached to the vpn community.

Using simplified mode, the initial error encountered was "aggressive
mode
not supported". I have to set ike_p1_use_aggressive to true in
objects_5_0.C
file and this error was not seen further. But the next error encountered
was
"proposal not chosen". We finally decided to go back to traditional mode
but
is there a utility to move all the rules from simplified mode to
traditional
mode?

If simplified mode is the way to go in the future, what about
site-to-site
with non-checkpoint vpn products?

TIA.
Rif

_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE*
http://join.msn.com/?page=features/junkmail

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

References:
- [FW-1]
  - From: rif raf <[email protected]>

Prev by Date: [FW-1] MANUAL NAT
Next by Date: Re: [FW-1] MANUAL NAT
Previous by thread: [FW-1]
Next by thread: Re: [FW-1]
Index(es):
- Date
- Thread