CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. Come to CPUG CON 2008 EUROPE in Switzerland on September 8th - 9th!
    Two days full of technical content for Check Point administrators in the beautiful Swiss Alps!
    We've already had our first sign-ups!
2. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 6/9, 7/14, 8/25, 10/6, 11/3, 12/8.
3. We have new forums in Portuguese and German (see below).
4. Corrent S3500 SecureXL Turbocards For Sale - Last Six Remaining - Get Your Spares!
5. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > Authentication
Reload this Page good method for authentication
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2008-03-19
vvcat vvcat is offline
Junior Member
  
Join Date: 2008-01-30
Posts: 27
vvcat has an average reputation (10+)
Default good method for authentication
hi all,

my office and my warehouse are on different location, each site have checkpoint NGX firewall, usually, user can run secure client on home PC to logon vpn to access office server or warehouse server from home, but they need logon both firewall every time, what is the best method to reduce this effort. can we use LDAP or centralize tools or servers to accomplish this way.
Reply With Quote
  #2 (permalink)  
Old 2008-03-19
mcnallym mcnallym is offline
Senior Member
  
Join Date: 2007-06-04
Posts: 791
mcnallym has an average reputation (10+)
Default Re: good method for authentication
Do the two sites have a VPN between the two. Also you said SecureClient so I presume you have the SecureClient License for this.

If they do then set the Remote Access Domain on the main office to include the encryption domain of the warehouse firewall.

Set the normal Encryption Domain of the main gateway to be the networks behind the gateway and the Office Mode range.

This way you can VPN to the main office gateway, authenticate once there, and then when you access the warehouse resources it routes across the site-to-site VPN to do this rather than building a seperate tunnel.

The downside is obviously more load in and out of the main office ISP link.
Reply With Quote
Reply

« Previous Thread | Next Thread »


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT -7. The time now is 00:19.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.0.0