Yes, you could for most firewalls, and we do for non-Checkpoint firewalls
in customer deployments.
This problem is endemic to the method Checkpoint uses to authenticate its
license on startup. If it does not find the IP address in the correct
location (e.g. registry entry for a static interface IP address), it will
not look any further.
This was the 'official' word from Checkpoint about 2 years ago (our
install version was 3.0a) and I have not attempted it with any of the more
recent versions. I also do not recommend Checkpoint to our customers due
to this behavior.
Joe
----- Original Message -----
From: "Gregory Hicks" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Wednesday, July 26, 2000 11:37 PM
Subject: Re: Checkpoint & DHCP
> Although I haven't tried DHCP for a firewall, You should be able to
> 'reserve' an IP address by MAC address for the firewall machine. This
> will keep the IP address constant ...
>
> Regards,
> Gregory Hicks
>
> > Date: Wed, 26 Jul 2000 17:32:20 -0700
> > From: Daniel Harrison <[EMAIL PROTECTED]>
> >
> > Not that I have actually tried it with DHCP but you can license the
machines
> > based on host ID (at least I know this is possible with solaris).
> >
> > Daniel Harrison
> > Security/Systems Admin.
> > Loudcloud, Inc.
> >
> > Joe McLeod wrote:
> >
> > > We tried to do it once, but because Checkpoint FW1 licenses are tied
to the
> > > IP address, it would not function correctly.
>
> > > ----- Original Message -----
> > > From: "Kenneth Whitfield" <[EMAIL PROTECTED]>
> > > Sent: Wednesday, July 26, 2000 9:48 PM
> > >
> > > > Wondering if anyone has ever configured a CheckPoint firewall to use
a
> > > > DHCP server to set the ip address of its external interface. If so,
> > > > please enlightened!
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
