NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] Topology for CheckPoint's NG FP3 and SecureClient



Hi, all

I am testing SecureClient with Office Mode to access our NG FP3 firewall
cluster (Solaris 8 with StoneBeat FullCluster). I am reading CheckPoint
document dated 12/13/2002 "How to configure SecureClient, Office Mode,
Certificates, and Remote Access Communities in NG FP-3" by Joe Green. Our
internal environment is that we use legal Internet address for corporate
headquaters (167.10.0.0, class B address) and invalid address (10.0.0.0 for
remote sites).

The way that I am planning to test is that I will use one of the subnet
(167.10.201.0, class C) of our legal address split to two subnets and assign
them to our 2 CheckPoint NG FP3 modules for SecureClient Office mode to
access our class B internal network. In the document, it does not mention
that the Topology of the firewall module (or cluster) needs to be setup but
CheckPoint tech support told me that I need to setup Topology of the cluster
properties and I can't use class B address (167.10.0.0) behind our firewalls
as encryption domain because the subnet 167.10.201.0 is part of the class B
address which is our encryption domain. One way to work around is to split
our class B address into each individule class C address in Topology. That
way the subnet 167.10.201.0 is excluded from the Topology of the gateway
(cluster). Do I have to setup Topology for the cluster for SecureClient VPN
access? What is the best way to do it? For 10.0.0.0 network, it is easy for
me to setup here if I have to setup Topology. Thanks in advance.


Ryan Jiang
Senior UNIX administratorLiz Claiborne, Inc.


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.