2008-04-20
Testing-123
Re: Check Point VPN design

Hi ciesec2006,

Interesting comments, sounds like something I need to try out in the lab. However, a Cisco IOS router does not allow you to do NAT (i.e. source and destination in a TCP connection), which is what a lot of my VPNs are set up to do.

But I do agree with firewalls remaining firewalls. My blood boils when I get asked to set up dynamic objects to resolve domain names! Firewall rules should not be populated using DNS server replies! It just introduces another point of vulnerability to your firewalls....

Regards
Testing-123