 | ||
 Setup Hints for VPN and Remote Management | ||
| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
|
| |||||||
 |
| | LinkBack | Thread Tools | Display Modes |
 2005-08-13 | |||
| |||
 Setup Hints for VPN and Remote Management Setup Hints for VPN and Remote Management What configuration should be done to improve success of encryption related functions when rolling out enforcement points, especially in a distributed topology? Answer -------------------------------------------------------------------------------- There are many things one should do when performing the initial setup of the firewall that can eliminate many problems that you might encounter along the way with putkeys, VPNs, and SecuRemote. The local hosts file (Unix: /etc/hosts, NT: %SystemRoot%system32driversetc) should have an entry for the nodename (Unix: uname -n; NT: The NetBIOS name). This is the "nodename IP" of the system. The nodename IP above should be a routable address. All VPN partners, management consoles, firewall modules, and SecuRemote clients should be able to reach the nodename IP through standard routing. In most cases, the nodename IP for the box should be the IP of the external interface as it is usually routable. The network object that represents your firewall should use the same name as your nodename. It should also have the same IP address as your nodename IP (and again, this should usually be your external IP). Do not call your firewall object (or firewall box for that matter) 'fw', 'fw1' or any other reserved word (4.1) in INSPECT. For FireWall-1 NG, refer to sk6648 (not public) in Secure Knowledge. When putkeys are used, use the nodename IP address of the remote box. -------------------------------------------------------------------------------- -- RobertGraham - 08 Jan 2004 FAQForm FAQs.Class: EncryptionFAQs, SecureClientFAQs FAQs.OS: FAQs.Version:  |
|
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
