I seem to recall the opposite, actually. Because generally
you have more control over internal networks, you won't find
yourself beholden to Checkpoint support (an awful position
in which to be). For example, you license it to
245.13.24.16, because that's what your ISP gave you in your
245.13.24.0/29 block of address. Someday, the ISP wants to
change that for whatever reason, or you decide to go with a
new ISP or whatever, and you need to change that external
address. That means changing the FW-1 license. Waiting for
Checkpoint alone may well add a month to the project. If it
was on the internal address, you can change ISPs with
impunity.
If memory serves, this information came from an instructor
at the Checkpoint training classes.
Of course, I could be wrong; if I am I'd like to know.
--andrew
>>> On Thu, 22 Feb 2001 15:34:10 +0100, Matthias Leu
>>> <[EMAIL PROTECTED]> said:
ML> Hi,
ML> usually the external interface of the FW is going to be
ML> licensed. But it works with any other physical interface
ML> of the system, afaik independent of the size of the
ML> license.
ML> If you have a Single Gateway, you also have to define an
ML> external interface - at this interface the number of
ML> detected IP adresses is not counted. Deploying VPN may
ML> need the licensing of the external interface (the
ML> VPN-direction), but usually it works also if some other
ML> interface is licensed.
ML> Hope it helps,
ML> best regards
ML> Matthias
ML> "Mike M. Quimson" wrote:
>> Hi there,
>> I'm just wondering... should the checkpoint license always be binded
>> on the valid or external ip address (ip address of the untrusted
>> domain)? if i use checkpoint firewall on a network that is not
>> connected to the internet and uses private ip addresses, what ip address
>> will i give to checkpoint for licensing? will the license affect the
>> functionality of the firewall with regards to vpn clients considering
>> that i get unlimited user license.
>>
>> Lastly, is there any site that provides info in setting up SecuRemote?
>>
>> Thanks in advance,
>>
>> mike
>>
>> --
>> Get my public key:
>> http://www.isentry.ph/~mike/mike.pgp
>>
>> -
>> [To unsubscribe, send mail to [EMAIL PROTECTED] with
>> "unsubscribe firewalls" in the body of the message.]
ML> --------------8940A5A86130F1D6415D46BB
ML> Content-Type: text/x-vcard; charset=us-ascii;
ML> name="mleu.vcf"
ML> Content-Transfer-Encoding: 7bit
ML> Content-Description: Card for Matthias Leu
ML> Content-Disposition: attachment;
ML> filename="mleu.vcf"
ML> begin:vcard
ML> n:Leu;Dr. Matthias
ML> tel;cell:+49 172 8943533
ML> tel;fax:+49 8102 895 199
ML> tel;work:+49 8102 895 190
ML> x-mozilla-html:FALSE
ML> url:http://www.aerasec.de
ML> org:AERAsec Network Services and Security GmbH
ML> adr:;;Wagenberger Strasse 1;D-85662;Hohenbrunn;;
ML> version:2.1
ML> email;internet:[EMAIL PROTECTED]
ML> fn:Dr. Matthias Leu
ML> end:vcard
ML> --------------8940A5A86130F1D6415D46BB--
ML> -
ML> [To unsubscribe, send mail to [EMAIL PROTECTED] with
ML> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
