Re: [fw-wiz] Remote Access via Checkpoint VPN

From: Erick Mechler (
Date: 08/18/04

  • Next message: MHawkins_at_TULLIB.COM: "RE: [fw-wiz] Remote Access via Checkpoint VPN"
    To: MHawkins@TULLIB.COM
    Date: Tue, 17 Aug 2004 19:15:10 -0700

    :: You're completely off you're nut!
    :: If you don't use a public IP on your firewall then I would suggest that alot
    :: of your PMTU is broken as well as your potential VPN.

    I wouldn't say he's "completely" off his nut... :) I have plenty of FWs
    with physical private IPs that have public IP blocks routed to them,
    however this will not work in a VPN deployment.

    Michel, you can't terminate a CheckPoint VPN on a FW that doesn't have a
    public IP associated with its physical interface. The VPN won't work that

    Cheers - Erick
    firewall-wizards mailing list

  • Next message: MHawkins_at_TULLIB.COM: "RE: [fw-wiz] Remote Access via Checkpoint VPN"

    Relevant Pages

    • RE: Sandboxing
      ... the 3Com Embedded Firewall would be extremely useful and enabling (in ... your case) when you look at it in a VPN context. ... This security policy will accomplish quite a few things: ... During the Policy Server installation, ...
    • Re: VPN Firewall for new webserver
      ... > I'm setting up a webserver at a colocation and I need to put a VPN ... You're not going to get a quality firewall for that amount, ... and D-Link makes a DI-804HV unit ... users access to the SQL server, let them do it through a VPN session. ...
    • Re: Firewall Info/Recommendations?
      ... I would seriously consider an air-gap solution. ... Let me outline a few features that no other firewall can touch. ... Provide secure access without a VPN from any web browser (this greatly ... > manageable without much higher-level support if you want things like ...
    • Re: [fw-wiz] Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG)
      ... complexity and architectural inelegance of having 3-5 gateway security ... VPN) convinced me to eventually champion a migration to Symantec's SGS ... Nice balance of "default deny" at the firewall, ...
    • Re: two winxp home machines, varied results
      ... >The only firewall I have on my machine *aside* from the Cisco VPN ... Please don't change "restrictAnonymoussam", only ... >Here is the IPCONFIG and BROWSTAT listings for each machine. ...