 | ||
 Deployment in front of FW | ||
| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
|
| |||||||
 |
| | LinkBack | Thread Tools | Display Modes |
 2007-09-26 | |||
| |||
 Deployment in front of FW Any one have connectra deployed infront of the FW. The idea is that if the FW goe down, then via connectra ssl, we should have accessibility to the internal network. I am assuming this would be a bad idea, since that would give access directly to the internal network once authenticated.. Anyone using ths method? The documentation says to keep it in the DMZ or LAN and is protected by the FW rules... However, if it lies out side teh FW, and the second interface is in he lan... would that work? or are we creating a hole... by thinking that if the FW crashed, we could gain access via connectra.. Hope this is not too confusing...  |
| 2007-09-27 | |||
| |||
| Re: Deployment in front of FW I assume that you mean that you would place the Connectra in parallel with the Firewall, and have it connect into the Internal and External LANs. In terms of protecting the Connectra then you only restrict the access to http/https in terms of the from the outside. When you connect onto the Portal you don't connect through but connect to the Connectra and then the Connectra initiates a new connection to the Internal Network. I personally wouldn't do it and if access is that critical then you should run HA Gateways and HA Connectra. However if you implemented the authentication using two factor authentication then you may feel that it is worth the chance yourself. |
|
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
