Just make sure that network is not part of the Encrypt rule. Place the
accept rule above the encrypt rule, then static route the network to the
appropriate place.
I've done this before and it works; it can be tricky depending upon the
platform you are using because of the routing. You may also have issues if
the traffic is going to the same firewall as the encrypted traffic would;
you may need to modify the rulebase there as well.
Good luck.
Regards,
Matt Goddard
Security Information Team
Schneider National
920-592-4787
[EMAIL PROTECTED]
"Read, Andrew" <[EMAIL PROTECTED]>
Sent by: Mailing list for discussion of Firewall-1 <[EMAIL PROTECTED]KPOINT.COM>
10/11/2004 07:10 PM
Please respond to Mailing list for discussion of Firewall-1

To: [EMAIL PROTECTED]
cc:
Subject: [FW-1] Encryption Domain Exceptions

Hi All,
If I have a VPN setup to another firewall (that is managed by the same
Management Server), and the remote firewall's encryption domain is, say
192.168.0.0/16. And I want to route non-encrypted traffic for say,
192.168.50.0/24 to a third party, out of a different interface, how do I
avoid the firewall wanting to encrypt this data?
Is the only solution to modify the encryption domain for the remote
firewall?
Regards,
Andrew
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
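
Added example, not part of either message and not Check Point code: a simplified Python model of the ordering advice in the reply, using the two networks from the question. It assumes the rulebase is evaluated top-down with the first match winning and that routing uses the longest matching prefix; the rule names and next-hop labels are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str                      # hypothetical rule label
    dst: ipaddress.IPv4Network
    action: str                    # "accept" (cleartext) or "encrypt"

def first_match(rules, dst_ip):
    """Action of the first rule whose destination covers dst_ip."""
    ip = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if ip in rule.dst:
            return rule.action
    return "drop"                  # assumed implicit cleanup rule

def shadowed_exceptions(rules):
    """Accept rules that never match: an earlier encrypt rule covers them."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.action != "accept":
            continue
        for earlier in rules[:i]:
            if earlier.action == "encrypt" and rule.dst.subnet_of(earlier.dst):
                findings.append((rule.name, earlier.name))
                break
    return findings

def next_hop(routes, dst_ip):
    """Longest-prefix match over (network, next-hop label) pairs."""
    ip = ipaddress.ip_address(dst_ip)
    matches = [(net, hop) for net, hop in routes if ip in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

# Networks taken from the question; everything else is constructed.
VPN_DOMAIN = ipaddress.ip_network("192.168.0.0/16")
THIRD_PARTY = ipaddress.ip_network("192.168.50.0/24")

ENCRYPT = Rule("vpn-encrypt", VPN_DOMAIN, "encrypt")
CLEAR = Rule("third-party-clear", THIRD_PARTY, "accept")

GOOD_ORDER = [CLEAR, ENCRYPT]      # accept rule above the encrypt rule
BAD_ORDER = [ENCRYPT, CLEAR]       # exception is shadowed, traffic gets encrypted

# Static route for the /24 is more specific than the route to the VPN peer.
ROUTES = [(VPN_DOMAIN, "vpn-peer"), (THIRD_PARTY, "third-party-if")]

if __name__ == "__main__":
    for label, rules in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        print(label, first_match(rules, "192.168.50.10"), shadowed_exceptions(rules))
    print(next_hop(ROUTES, "192.168.50.10"), next_hop(ROUTES, "192.168.1.10"))
```

Running `shadowed_exceptions` over an exported rule list is a quick way to confirm that a cleartext exception has not ended up below the broader encrypt rule after a policy edit.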