How secure is communication between the modules?

In the NG release of FireWall-1, SSL with certificates is used between all components, including the management GUIs.
In earlier releases, it is as follows:
- Prior to 4.1 SP2: fwa1 (supposedly 192-bit) between modules if an encryption license is present, otherwise authenticated with S/Key
- 4.1 SP2 and future versions of 4.1: fwa1 (192-bit)
Note that I do not recommend using your VPN rules to allow management traffic between the firewall and management console. You could very easily get yourself into a bind where the VPN breaks and have a hell of a time getting things working again because your security policy only permits policy loads through the VPN rules.
--
GuyR - 09 Jan 2004