CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


 

Results 1 to 17 of 17

Thread: Checkpoint for Cisco guys

  1. #1
    Join Date
    2016-05-04
    Posts
    3
    Rep Power
    0

    Default Checkpoint for Cisco guys

    Checkpoint for Cisco guys

    Hi folks,

    I'm pretty new to the Chekpoint FWs but I have lot of years in administrating and troubleshooting the Cisco boxes.

    At the moment I have 10-12 Checkpoint boxes, whose configuration has been built up by many people over the years, and I aim at analysising their configuration to check if indeed they reflect just the needs of the business or may maybe they allow more than what's needed.
    Also I'd like to check if the settings are aligned across all the boxes and to foresee problems due to incorrect settings across such boxes

    As to the underneath OS it's Linux and more or less I know where to get the info I need (and of course in text format) but for the policies and the stricly related stuff to the CP FW I don't see a way to get the settings in clear text. I also dag in dbedit but no way to get a list of the current settings, only to create,modify and delete objects.

    At the moment I'm especially interested at the NAT rules (getting manual and automatic ones) and VPNs (IP peers, algorithms, etc etc).

    Could somebody point me in the right direction?

    Thanks a lot in advance,

    Axllxa

  2. #2
    Join Date
    2013-09-25
    Location
    Bucharest
    Posts
    495
    Rep Power
    4

    Default Re: Checkpoint for Cisco guys

    I don't think you ll be able to get what you need in a readable logic format. I mean there's no show run nat command . Not to mention CP and ASA differ the way rules are "getting the traffic".

    I was in your shoes about two years ago and I just built a new vision, pretty different of what ASA firewalling does and behave.

  3. #3
    Join Date
    2014-11-14
    Location
    Ottawa Canada
    Posts
    358
    Rep Power
    3

    Default Re: Checkpoint for Cisco guys

    You won't get this information from the Gateways themselves.

    All the info you want is within the SmartDashboard policy. You will want to connect to the Security Management Server with the SmartDashboard GUI Client, and you will find the information you wan therein.

    In the firewall tab, there is a NAT section.

    Depending on the version of Checkpoint in use, you will see a VPN Tab (IPSec VPN). There, you will find the VPN Communities, each one with it's own set of encryption and tunnel settings.

    SmartDashboard is where the real majority of your work will be done.

  4. #4
    Join Date
    2006-09-26
    Posts
    2,735
    Rep Power
    13

    Default Re: Checkpoint for Cisco guys

    Quote Originally Posted by jdmoore0883 View Post
    You won't get this information from the Gateways themselves.

    All the info you want is within the SmartDashboard policy. You will want to connect to the Security Management Server with the SmartDashboard GUI Client, and you will find the information you wan therein.

    In the firewall tab, there is a NAT section.

    Depending on the version of Checkpoint in use, you will see a VPN Tab (IPSec VPN). There, you will find the VPN Communities, each one with it's own set of encryption and tunnel settings.

    SmartDashboard is where the real majority of your work will be done.

    Going from Cisco to Checkpoint will be a HUGE change for you. For me personally, I was working with both Checkpoint and Cisco at the same time and with a strong background in Linux, it was a big help for me.

    Most folks, not all, with Cisco experiences just don't have enough Unix/Linux skills which checkpoint requires to be a good Checkpoint Engineer. The opposite is also true. Checkpoint Engineers, not Checkpoint TAC, who are also excellent engineers, that I know of, are excellent Unix/DBA and coders, in addition to be an excellent Cisco engineers as well.

    If you can do both Checkpoint and Cisco, there will be a huge demand for your services.

  5. #5
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    1,817
    Rep Power
    10

    Default Re: Checkpoint for Cisco guys

    Quote Originally Posted by axllxa View Post
    Checkpoint for Cisco guys

    Hi folks,

    I'm pretty new to the Chekpoint FWs but I have lot of years in administrating and troubleshooting the Cisco boxes.
    For students that attend my Check Point classes your Cisco background is very common, which is why I maintain (and just renewed) my CCNA Security certification. So I get your type of queries all the time. To sum it up:

    NAT is configured completely backwards on Check Point when compared to Cisco; this *will* mess you up at some point especially if trying to replace a Cisco ASA with a Check Point. While Cisco ASA 8.3 and later made NAT somewhat more CheckPoint-like with the use of network objects, even in the new 8.3+ NAT paradigm you must specify an interface pair between which you want NAT to occur. If traffic arrived on the first interface of the interface pair and will depart on the second interface of the pair, NAT will be performed on a Cisco.

    When using the extremely common Automatic NAT technique on a Check Point (which involves editing an object, going to its NAT tab and configuring the specifics of NAT) if traffic comes into the firewall matching that network object on ANY interface and is leaving on (almost) ANY interface, NAT will be performed unless you configure a manual "anti-NAT" rule at the top of the NAT rulebase specifying where you don't want NAT to occur. The classic example is traffic coming from the inside network being Hide NATted, even if it is just going to the DMZ. Normally one does not need to NAT traffic between the internal network and the DMZ, but Check Point will NAT it anyway unless an anti-NAT rule tells it not to. In most Check Point deployments this leads to a rather odd-looking NAT rulebase configuration specifying all the situations where one does NOT want NAT to occur first, followed by all the automatically-generated NAT rules catching and NATing everything else. So on Cisco you specify a specific interface pair where you want NAT to occur, on a Check Point it will NAT it going everywhere unless you tell it otherwise.

    There are no security zones or a way to specify a specific interface in the security rulebase or NAT policy on a Check Point right now but there will be very soon (hint hint). When that becomes available Cisco to Check Point conversions from a NAT perspective will become a piece of cake.

    For IPSec VPNs, Cisco and Check Point are fairly similar under the hood, and an interoperable VPN between a Check Point and Cisco is probably one of the easiest combinations to get working properly. As noted by another poster the VPN tunnel settings we all know and love are located on the VPN Community objects under the IPSec VPN tab, however you are only allowed to have one set of VPN configuration settings (transform set) per VPN Community.

    One other thing: defining what constitutes "interesting" VPN traffic on a Check Point. This is NOT controlled via the rule base and its VPN column (although obviously the rule base must accept the traffic or it will never be allowed into the VPN tunnel). This is controlled by something called the VPN Domains which are configured on the Topology screen of your firewall object and the peer firewall object. Assume the traffic is allowed by the rule base; if the source IP of the packet falls within your firewall's defined VPN domain *and* the destination IP address of the packet falls within a VPN peer's domain, the traffic is interesting and will be encrypted. If only one condition or neither condition are true, the packet will be forwarded in the clear.

    That is all I can think of right now, feel free to ask further questions.
    --
    My book "Max Power: Check Point Firewall Performance Optimization"
    now available via http://maxpowerfirewalls.com.

  6. #6
    Join Date
    2006-09-26
    Posts
    2,735
    Rep Power
    13

    Default Re: Checkpoint for Cisco guys

    Quote Originally Posted by ShadowPeak.com View Post
    For students that attend my Check Point classes your Cisco background is very common, which is why I maintain (and just renewed) my CCNA Security certification.
    someone with your skills, why not go for CCIE Security?

  7. #7
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    1,817
    Rep Power
    10

    Default Re: Checkpoint for Cisco guys

    Quote Originally Posted by cciesec2006 View Post
    someone with your skills, why not go for CCIE Security?
    Thought about it when I was a CCNP Security long ago, and concluded I didn't want to give up a year of my life (and foot the bill myself) to get it. Would be even tougher now since I no longer work with Cisco devices day-to-day.
    --
    My book "Max Power: Check Point Firewall Performance Optimization"
    now available via http://maxpowerfirewalls.com.

  8. #8
    Join Date
    2006-09-26
    Posts
    2,735
    Rep Power
    13

    Default Re: Checkpoint for Cisco guys

    Quote Originally Posted by ShadowPeak.com View Post
    Thought about it when I was a CCNP Security long ago, and concluded I didn't want to give up a year of my life (and foot the bill myself) to get it.
    I thought the same thing you did 12 years ago but I am glad I didn't follow through.

    After failing the CCIE Security lab twice, I was just about to give up; however, my wife told me "you're so close, you should not give up. You're setting bad examples for our children. You're much better than this."

    I gave myself five months of non-stop preparation. Everyday after work and on weekends, I locked myself in the basement preparing for the lab. I was going to give it one last attempt. If it does not work out, I can say to myself that I gave everything I have.

    Flew out to San Jose from DC to take the lab. I still remember like it was yesterday. I was very calm during the exam and finish everything in the lab just before lunch. I was actually enjoying lunch. After lunch, I resumed the lab and checked everything at least 10 times. the lab officially ended at 4pm but I was done at 3pm because there was nothing left for me to do.

    I didn't have to leave because my flight was at 9pm so I hung around and talked to the exam proctor. I was telling with the exam proctor that this will be my last attempt even if I failed. He looked at my lab work and gave me a smile and gave a me hint that I will be a very happy person tomorrow.

    Took the red-eye flight home and landed at the airport at 8am on a Wednesday. I didn't sleep and show up for work. By 3pm, I receive an email from Cisco about the test result. I logged into the web site and found out that I passed.

    Does it make me a better engineer because I passed the exam? Absolutely NOT. All it tells me is that I can do it. As the late legend basketball coach Dean Smith once said to then assistant Roy Williams (who is now a legend basketball coach in his own right) after winning his first NCAA basketball championship: "I am not a better coach now than I was three hours ago".

    sometimes when I am in my work office and not very happy, I look at the CCIE plaque and it reminds me that I didn't give up pursuing the CCIE Security.

  9. #9
    Join Date
    2014-11-14
    Location
    Ottawa Canada
    Posts
    358
    Rep Power
    3

    Default Re: Checkpoint for Cisco guys

    Quote Originally Posted by cciesec2006 View Post
    I thought the same thing you did 12 years ago but I am glad I didn't follow through.

    After failing the CCIE Security lab twice, I was just about to give up; however, my wife told me "you're so close, you should not give up. You're setting bad examples for our children. You're much better than this."

    I gave myself five months of non-stop preparation. Everyday after work and on weekends, I locked myself in the basement preparing for the lab. I was going to give it one last attempt. If it does not work out, I can say to myself that I gave everything I have.

    Flew out to San Jose from DC to take the lab. I still remember like it was yesterday. I was very calm during the exam and finish everything in the lab just before lunch. I was actually enjoying lunch. After lunch, I resumed the lab and checked everything at least 10 times. the lab officially ended at 4pm but I was done at 3pm because there was nothing left for me to do.

    I didn't have to leave because my flight was at 9pm so I hung around and talked to the exam proctor. I was telling with the exam proctor that this will be my last attempt even if I failed. He looked at my lab work and gave me a smile and gave a me hint that I will be a very happy person tomorrow.

    Took the red-eye flight home and landed at the airport at 8am on a Wednesday. I didn't sleep and show up for work. By 3pm, I receive an email from Cisco about the test result. I logged into the web site and found out that I passed.

    Does it make me a better engineer because I passed the exam? Absolutely NOT. All it tells me is that I can do it. As the late legend basketball coach Dean Smith once said to then assistant Roy Williams (who is now a legend basketball coach in his own right) after winning his first NCAA basketball championship: "I am not a better coach now than I was three hours ago".

    sometimes when I am in my work office and not very happy, I look at the CCIE plaque and it reminds me that I didn't give up pursuing the CCIE Security.
    You know what? Despite your sometimes unnecessary dislike (border hatred I would argue) for CP and CP TAC, this is a rather inspiring story.
    Thank you for this!

  10. #10
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,135
    Rep Power
    14

    Default Re: Checkpoint for Cisco guys

    Gotta admit, that is a cool story.
    While I never got a CCIE, I do know that it takes a lot of work and commitment to get one.
    http://phoneboy.com
    Unless otherwise noted, views expressed are my own

  11. #11
    Join Date
    2015-12-23
    Posts
    36
    Rep Power
    0

    Default Re: Checkpoint for Cisco guys

    Quote Originally Posted by cciesec2006 View Post
    Going from Cisco to Checkpoint will be a HUGE change for you. For me personally, I was working with both Checkpoint and Cisco at the same time and with a strong background in Linux, it was a big help for me.

    Most folks, not all, with Cisco experiences just don't have enough Unix/Linux skills which checkpoint requires to be a good Checkpoint Engineer. The opposite is also true. Checkpoint Engineers, not Checkpoint TAC, who are also excellent engineers, that I know of, are excellent Unix/DBA and coders, in addition to be an excellent Cisco engineers as well.

    If you can do both Checkpoint and Cisco, there will be a huge demand for your services.

    I've worked with Cisco routers and switch over the last 10 years. I made a huge decision switching over to security recently. my only security experience was time I spent taking the CCSP classes years ago. my transition to Checkpoint has been a challenge. some of the issues are what you mentioned regarding TAC. our Diamond support isn't any better. in fact I try to avoid US base TAC and call in at night so I could speak to engineers in Israel. the level of knowledge is day and night between them. the problem is Israel does not want to engage in troubleshooting unless it is service critically impacted. they would give me the run around and end up passing the ticket to my diamond engineer. one of my reasons I join this community is to find answers TAC could not provide, and hopefully in time I could provide solutions for others.

    I've read many of your posts and I dont agree with those who label you as a CP hater. for some of us who work with Cisco TAC one can truely understand the frustration having to deal with Checkpoint TAC. I totally agree with you that strong Linux skills is required to be a better Checkpoint engineer.

  12. #12
    Join Date
    2013-09-25
    Location
    Bucharest
    Posts
    495
    Rep Power
    4

    Default Re: Checkpoint for Cisco guys

    Quote Originally Posted by wayne0206 View Post
    I've worked with Cisco routers and switch over the last 10 years. I made a huge decision switching over to security recently. my only security experience was time I spent taking the CCSP classes years ago. my transition to Checkpoint has been a challenge. some of the issues are what you mentioned regarding TAC. our Diamond support isn't any better. in fact I try to avoid US base TAC and call in at night so I could speak to engineers in Israel. the level of knowledge is day and night between them. the problem is Israel does not want to engage in troubleshooting unless it is service critically impacted. they would give me the run around and end up passing the ticket to my diamond engineer. one of my reasons I join this community is to find answers TAC could not provide, and hopefully in time I could provide solutions for others.

    I've read many of your posts and I dont agree with those who label you as a CP hater. for some of us who work with Cisco TAC one can truely understand the frustration having to deal with Checkpoint TAC. I totally agree with you that strong Linux skills is required to be a better Checkpoint engineer.
    On how many tickets you've used this strategy?
    I did the opposite for what you mentioned here: asked to transfer tickets from Israel to Canada team as much as possible. Then changed my strategy into opening the ticket late into the evening (for Israel and me) so a Canada engineer can pick it up .

  13. #13
    Join Date
    2006-09-26
    Posts
    2,735
    Rep Power
    13

    Default Re: Checkpoint for Cisco guys

    Quote Originally Posted by laf_c View Post
    On how many tickets you've used this strategy?
    I did the opposite for what you mentioned here: asked to transfer tickets from Israel to Canada team as much as possible. hen changed my strategy into opening the ticket late into the evening (for Israel and me) so a Canada engineer can pick it up .
    This is just my personal feeling but I dont' think the CP TAC engineer is any good either. I have a few open cases with them and it is going nowhere.

    Quote Originally Posted by wayne0206 View Post View Post
    some of the issues are what you mentioned regarding TAC. our Diamond support isn't any better
    You just confirm my belief that Diamond support is not worth the money that it is led to believe. Checkpoint has been pushing us to purchases Diamond support and I am glad you confirmed my suspicions.

    Let me make a few points here:

    I do not hate Checkpoint. I neither hate Checkpoint TAC or Cisco TAC. I just want to get my issue resolve regardless of vendors. I couldn't careless if the vendors are Cisco, Checkpoint, Oracle, etc...

    There are many differences between Checkpoint Diamond Support and Cisco Advanced Services and here are few that I can think of:

    Checkpoint Diamond or premium support:
    When you open a TAC case with Checkpoint, you get a very low level TAC engineer to work with you on the ticket. They are, not the fault of their owns, are completely not helpful to me at all. Asking me to run basic stuffs that I already did. Completely wasting my time. It is like a parents talking to a 10 years old child

    Now when the case is escalated to another level engineer, this person has a little bit knowledge of the issue but not enough to understand to troubleshoot my issue. What this engineer is looking through checkpoint SK and make recommendation. Many times, the recommendation is completely useless. What he/she asking for the the usual stuffs cpinfo from the management/gateways. Many times, that does not yield any useful information and the CP engineer does not have a deep understanding on how the application works. The recommendation is to "upgrade" even though they have no idea if the upgrade will fix the issue.

    Now the case gets to another CP engineer. This person wants you to run debug on the gateways that might crash the gateways.
    Checkpoint does not have ability to reproduce anything in its own environment and that is a fact. I've been told this many times. Checkpoint just does not have the resources to do this.

    Basically, the customer is left with little choice by taking risks of providing checkpoint with the debugs on the production system even if running this on production system might crash the gateways.

    Cisco Advanced Services:
    Every time when I call in with an issue, I can talk to a senior level engineer who can understand my issue instead of running through multiple hoops like with Checkpoint suport. This person, either routing/switching or Firewall, can talk to me at the peer level without having to repeat myself and not asking basic questions like Checkpoint TAC

    Cisco will also ask me to run the debug on the production as well. However, if I tell them that it is a "risk", they will not ask me to do that. Instead, they will try to reproduce this issue in their lab environment. Cisco TAC engineers are great with not just Cisco devices but with Checkpoint and other vendors as well, Oracle, SAP, to name a few. They will work with me to identify the issue and come up with a fix for my production environment. If Cisco tells me to upgrade, they are reasonably confident that the upgrade will fix my issue, not like Checkpoint "trial and error" approach.

    I am glad wayne0206 has been dealing with both Checkpoint and Cisco support and agree with me.

  14. #14
    Join Date
    2005-10-12
    Posts
    443
    Rep Power
    12

    Default Re: Checkpoint for Cisco guys

    Your CCIE story is Cool mate. I was lucky to have nailed the CCIE Security in my 1st attempt. but had slogged crazily over it for almost a year cause with every preparation I was always left to revise over & over again and practice more scenarios.

    Regards

    Sebastan

  15. #15
    Join Date
    2015-12-23
    Posts
    36
    Rep Power
    0

    Default Re: Checkpoint for Cisco guys

    Quote Originally Posted by cciesec2006 View Post
    This is just my personal feeling but I dont' think the CP TAC engineer is any good either. I have a few open cases with them and it is going nowhere.



    You just confirm my belief that Diamond support is not worth the money that it is led to believe. Checkpoint has been pushing us to purchases Diamond support and I am glad you confirmed my suspicions.

    Let me make a few points here:

    I do not hate Checkpoint. I neither hate Checkpoint TAC or Cisco TAC. I just want to get my issue resolve regardless of vendors. I couldn't careless if the vendors are Cisco, Checkpoint, Oracle, etc...

    There are many differences between Checkpoint Diamond Support and Cisco Advanced Services and here are few that I can think of:

    Checkpoint Diamond or premium support:
    When you open a TAC case with Checkpoint, you get a very low level TAC engineer to work with you on the ticket. They are, not the fault of their owns, are completely not helpful to me at all. Asking me to run basic stuffs that I already did. Completely wasting my time. It is like a parents talking to a 10 years old child

    Now when the case is escalated to another level engineer, this person has a little bit knowledge of the issue but not enough to understand to troubleshoot my issue. What this engineer is looking through checkpoint SK and make recommendation. Many times, the recommendation is completely useless. What he/she asking for the the usual stuffs cpinfo from the management/gateways. Many times, that does not yield any useful information and the CP engineer does not have a deep understanding on how the application works. The recommendation is to "upgrade" even though they have no idea if the upgrade will fix the issue.

    Now the case gets to another CP engineer. This person wants you to run debug on the gateways that might crash the gateways.
    Checkpoint does not have ability to reproduce anything in its own environment and that is a fact. I've been told this many times. Checkpoint just does not have the resources to do this.

    Basically, the customer is left with little choice by taking risks of providing checkpoint with the debugs on the production system even if running this on production system might crash the gateways.

    Cisco Advanced Services:
    Every time when I call in with an issue, I can talk to a senior level engineer who can understand my issue instead of running through multiple hoops like with Checkpoint suport. This person, either routing/switching or Firewall, can talk to me at the peer level without having to repeat myself and not asking basic questions like Checkpoint TAC

    Cisco will also ask me to run the debug on the production as well. However, if I tell them that it is a "risk", they will not ask me to do that. Instead, they will try to reproduce this issue in their lab environment. Cisco TAC engineers are great with not just Cisco devices but with Checkpoint and other vendors as well, Oracle, SAP, to name a few. They will work with me to identify the issue and come up with a fix for my production environment. If Cisco tells me to upgrade, they are reasonably confident that the upgrade will fix my issue, not like Checkpoint "trial and error" approach.

    I am glad wayne0206 has been dealing with both Checkpoint and Cisco support and agree with me.
    LOL. you hit the nail on the head. from what I gather, Checkpoint acknowledge some of their deficiencies and are constantly working to improve. It's just that they are a 800lb guerrilla which shouldn't be this way to begin with.

    I did not know there is a Canadian CP TAC. Does anyone have their support number?

    let's not dwell on the negative experience.

  16. #16
    Join Date
    2013-09-25
    Location
    Bucharest
    Posts
    495
    Rep Power
    4

    Default Re: Checkpoint for Cisco guys

    Quote Originally Posted by wayne0206 View Post
    LOL. you hit the nail on the head. from what I gather, Checkpoint acknowledge some of their deficiencies and are constantly working to improve. It's just that they are a 800lb guerrilla which shouldn't be this way to begin with.

    I did not know there is a Canadian CP TAC. Does anyone have their support number?

    let's not dwell on the negative experience.
    I don't have their numbers, just got my tickets escalated and as already mentioned about 10 tickets from 2015 have been solved by these guys (actually just two of them). While on Israel they just ask for time while doing nothing. I currently have one ticket opened since January 28 (on Israel) and we managed to stop recurrent outages after 9 weeks. After that they seem incapable of just providing a software fix and just send me periodic emails:
    Thank you for your patience,

    This still under R&D investigation, I will let you know once we have any update about it.

    If you have any questions, do not hesitate to contact me.


    As for the comparison between CP and Cisco I 100% subscribe to cciesec2006 post. He couldn't say it better than that.

  17. #17
    Join Date
    2016-05-04
    Posts
    3
    Rep Power
    0

    Default Re: Checkpoint for Cisco guys

    Hi,

    sorry for my very late reply but after posting my question I was caught on other tasks and for a couple of weeks I had to focus on something else.

    As to the comparison between CP and Cisco TAC I can assure that the latter rocks (no experience with CP's) and since I was deeply involved with the Cisco guys I can say that when it comes to real and helpful support they are just amazing and they try their best to solve the problem. It's another world completely.

    As to my question I'd like to understand what goes on in the CP box and I think I have enough Linux experience to dig within it if necessary.
    I'm not even scared of getting data in binary format and poorly formatted and gather info from several sources if this helps in getting the info I need.

    For VPNs I know there is the "vpn tu" command but would you suggest others to get the full picture of what's configured in the box and what's the current status of the box? In ASCII format if possible. And even if it's another philosofy I'd like to go at the heart of the question.

    One practical aspect of my question would be to replace a single firewall (one context or one routing table as you prefer) with VSX. At the moment we have traffic from different environments that can be definitevely segregated but that over the years ended up in being managed within one context.
    Eventually a huge big enormous ACL will be split (with some changes of course, some rules will apply to all the contexts) into many and smaller ones pertinent to each virtual context in the VSX environment.
    For that I must do an analysis of which rules apply to the source and/or destination objects and for that the graphical form or the compiled ACL won't help at all.

    I'm still dreaming the moon or I may gain ground towards my goals? :-)

    Axllxa

Similar Threads

  1. Cisco VPN client through CheckPoint to Cisco PIX
    By MatsB in forum Clustering (Security Gateway HA and ClusterXL)
    Replies: 4
    Last Post: 2010-10-14, 14:38
  2. CheckPoint to Cisco ASA VPN
    By amqanadilo in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 8
    Last Post: 2008-09-11, 09:39
  3. Checkpoint to Cisco VPN
    By Steve in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 4
    Last Post: 2008-09-04, 10:59
  4. Cisco VPN through checkpoint
    By danzaka in forum Interoperability
    Replies: 2
    Last Post: 2008-06-19, 16:30
  5. vpn between checkpoint and cisco pix
    By ibur99 in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 6
    Last Post: 2006-07-15, 05:51

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •