RE: [fw-wiz] Remote Access via Checkpoint VPN

Date: 08/18/04

  • Next message: Patrick M. Hausen: "Re: [fw-wiz] Gauntlet 6 "adaptive proxy""
    Date: Tue, 17 Aug 2004 22:00:18 -0400


    You're completely off you're nut!

    If you don't use a public IP on your firewall then I would suggest that alot
    of your PMTU is broken as well as your potential VPN.

    You should definitely configure a public IP on your firewall.

    That's the only way to make it work correctly.


    Mike H

    -----Original Message-----
    []On Behalf Of Ludolph,
    Sent: Tuesday, August 17, 2004 4:52 AM
    Subject: [fw-wiz] Remote Access via Checkpoint VPN


    I have the following setup up with Checkpoint FW-1:

    Internet------10.x.x.x--FW--10.x.x.x----- Internal network

    Pease note:
    - the external FW-interface has a private IP-address (10.x.x.x).
    - the DMZ FW-interface has a public IP-address ( as an example)

    I would like to setup a VPN on the FW, to which a remote client can connect
    via the Internet, using SecureClient. According to Checkpoint documentation
    the VPN should bind to the FW-external interface. This is the problem, my
    FW-external interface has a private IP-address, which is not routable via
    the Internet. In order to make this working I would like the VPN to bind to
    the DMZ-interface ( instead of the external interface.

    Has anyone setup such a VPN and does it work or do you have any suggestions?

    Thanks for your help.

    firewall-wizards mailing list
    firewall-wizards mailing list

  • Next message: Patrick M. Hausen: "Re: [fw-wiz] Gauntlet 6 "adaptive proxy""

    Relevant Pages

    • RE: Sandboxing
      ... the 3Com Embedded Firewall would be extremely useful and enabling (in ... your case) when you look at it in a VPN context. ... This security policy will accomplish quite a few things: ... During the Policy Server installation, ...
    • Re: VPN Firewall for new webserver
      ... > I'm setting up a webserver at a colocation and I need to put a VPN ... You're not going to get a quality firewall for that amount, ... and D-Link makes a DI-804HV unit ... users access to the SQL server, let them do it through a VPN session. ...
    • Re: Firewall Info/Recommendations?
      ... I would seriously consider an air-gap solution. ... Let me outline a few features that no other firewall can touch. ... Provide secure access without a VPN from any web browser (this greatly ... > manageable without much higher-level support if you want things like ...
    • Re: [fw-wiz] Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG)
      ... complexity and architectural inelegance of having 3-5 gateway security ... VPN) convinced me to eventually champion a migration to Symantec's SGS ... Nice balance of "default deny" at the firewall, ...
    • Re: two winxp home machines, varied results
      ... >The only firewall I have on my machine *aside* from the Cisco VPN ... Please don't change "restrictAnonymoussam", only ... >Here is the IPCONFIG and BROWSTAT listings for each machine. ...