 | ||
 Last question on traditional VPN's then i am outta here ;) | ||
| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
|
| |||||||
 |
| | LinkBack | Thread Tools | Display Modes |
 2006-02-23 | |||
| |||
 Last question on traditional VPN's then i am outta here ;) Can someone just clarify whether when in traditional mode there is usually 1 management server managing multiple dstributed firewalls? Yes or no? and i assume that If this is the case then [silly question] the management server could be on the same subnet as gateway1 BUT on a completely different subnet of that of gateway2? that is correct - yes? If thats the case then an outbound rule must be in place for me to manage the remote gateway [gateway2] on gateway1, i.e. for SIC connections otherwise i would see SYN_SENT on my management server - and logs in smart view. Thanks Last edited by philofish; 2006-02-23 at 02:46.  |
| 2006-02-26 | |||
| |||
| Re: Last question on traditional VPN's then i am outta here ;) VPN mode is not relivent here. If a SC is managing a gateway outside of a firewall, the distant gateway needs to be able to contact the SC. This usualy requires setting up a static NAT for the SC. The implied rules should take care of the rest. The only thing to remember here is that after you create the distant firewall object, you need to install the policy to the local gateway before you can estiblish SIC. |
|
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
