2006-07-31
redster
SNMP source interface

Hi all,

Is there a way to edit the source IP address that Check Point uses for sending SNMP traps?

I have a simple VPN tunnel between 2 offices, both running Check Point R54.
From Office A I would like to monitor the SNMP traps sent by Check Point from Office B.

I have allowed the SNMP traffic to be encrypted across the VPN, but here is the problem:

1. From Office A, SNMP-READ to the internal interface of Firewall@Office B is sent OK.
2. At Office B, SNMP-READ is decrypted OK.
3. Office B firewall then sends back SNMP-TRAP encrypted, but with the External IP as its source.
4. Office A sees this SNMP-TRAP as coming from a source that is the External IP address of Firewall B, not the internal address, and rejects the packet.

So can I edit the policy to make Firewall B send out as its internal interface address?

From Office A I also have a VPN tunnel set up with an office running a PIX, and on the PIX I can use
"MANAGEMENT ACCESS INSIDE" and "SNMP-SERVER HOST a.b.c.d INSIDE" to achieve the effect of sending using the internal interface IP address.

Last edited by redster; 2006-07-31 at 08:41.