RE: [fw-wiz] Remote Access via Checkpoint VPN

MHawkins_at_TULLIB.COM
Date: 08/18/04

    To: Michel.Ludolph@atosorigin.com, firewall-wizards@honor.icsalabs.com
    Date: Tue, 17 Aug 2004 22:00:18 -0400
    
    

    Michel,

    You're completely off your nut!

    If you don't use a public IP on your firewall then I would suggest that a lot
    of your PMTU is broken as well as your potential VPN.

    You should definitely configure a public IP on your firewall.

    That's the only way to make it work correctly.

    IMHO.

    Mike H

    -----Original Message-----
    From: firewall-wizards-admin@honor.icsalabs.com
    [mailto:firewall-wizards-admin@honor.icsalabs.com]On Behalf Of Ludolph,
    Michel
    Sent: Tuesday, August 17, 2004 4:52 AM
    To: firewall-wizards@honor.icsalabs.com
    Subject: [fw-wiz] Remote Access via Checkpoint VPN

    Hello,

    I have the following setup with Checkpoint FW-1:

    Internet------10.x.x.x--FW--10.x.x.x----- Internal network
                                    |
                                    |
                                    |
                            20.20.20.20 (DMZ)

    Please note:
    - the external FW-interface has a private IP-address (10.x.x.x).
    - the DMZ FW-interface has a public IP-address (20.20.20.20 as an example)

    I would like to set up a VPN on the FW, to which a remote client can connect
    via the Internet, using SecureClient. According to Checkpoint documentation
    the VPN should bind to the FW-external interface. This is the problem, my
    FW-external interface has a private IP-address, which is not routable via
    the Internet. In order to make this work I would like the VPN to bind to
    the DMZ-interface (20.20.20.20) instead of the external interface.

    Has anyone set up such a VPN and does it work or do you have any suggestions?

    Thanks for your help.

    michelDOTludolphATatosoriginDOTcom
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards