I have fallen into a similar situation:

Customer has a small branch (with 4-5 PCs). Each branch has 1 PC that connects by VPN to HQ's VPN server (using MS PPP VPN) through a sole dial-up line. Then it shares this connection with the other PCs.

They bought a Check Point firewall + SecureClient licenses. They want to replace the old MS VPN with CP VPN.

How can they do it? Has anyone got hints?

Luannt

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Kim, Cameron
Sent: Thursday, November 25, 2004 12:37 AM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] SecureClient R55 as "router"

Here are my thoughts.

A) Split tunneling is disabled (in this case all traffic is destined down the VPN tunnel). This is specifically designed to prevent your type of scenario and/or other attack vectors brought on by trojans, viruses, rootkits, etc. Usually modification of routes will automatically drop the connection.

B) Even if split tunneling is enabled (allowing you to connect to corporate while using the other line for internet), this "other" network will need to be defined as a network on the VPN endpoint; otherwise, at best, anti-spoofing rules will drop the packets. At worst, the firewall will route the packet to the destination and then back out to wherever its default route is assigned. You would really have to NAT the traffic to whatever IP is provided by the VPN server for traffic to flow.

I don't know if this is a cost saving measure into establishing a Site to Site VPN back to corporate. I am not even sure if SecureClient will work with Win2k server. I understand there is a scaled-down version of Check Point that allows you just to use the site-to-site VPN piece instead of paying for the usual Check Point FW-1 license. That would really make more sense.

Cameron Kim

-----Original Message-----
From: Bona Gianluca [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 24, 2004 8:00 AM
To: [EMAIL PROTECTED]
Subject: [FW-1] SecureClient R55 as "router"

Hi to everyone!

Has anyone of you ever tried to configure a PC with SecureClient as a router, in order to route packets coming from/to another network attached to its second Ethernet card through the VPN (via its primary Ethernet card)?

Obviously FW1 always assigns the client the same IP address, associated with the same user, in Office Mode, and the PC is a W2000 server with 2 Ethernet cards and routing enabled.

Thanks in advance!!

Gianluca

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
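
The anti-spoofing and NAT points in Cameron Kim's reply above, worked through as an added example that is not part of the original thread and is not Check Point's implementation. It is a simplified model: the `Tunnel` class, the verdict strings and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Tunnel:
    """Gateway-side view of one remote-access tunnel (simplified, hypothetical model)."""
    office_mode_ip: ipaddress.IPv4Address
    # Networks the gateway has been told sit behind this VPN endpoint.
    defined_networks: list = field(default_factory=list)

    def knows(self, addr):
        return addr == self.office_mode_ip or any(addr in n for n in self.defined_networks)

def gateway_verdict(inner_src, tunnel, anti_spoofing=True):
    """Decide what the gateway does with a decrypted packet from this tunnel."""
    src = ipaddress.ip_address(inner_src)
    if tunnel.knows(src):
        return "accept, reply via tunnel"
    if anti_spoofing:
        return "drop (anti-spoofing)"
    # The "at worst" case in the reply: forwarded, but the answer leaves by the default route.
    return "accept, reply via default route"

def evaluate(lan_hosts, tunnel, client_nat=False, anti_spoofing=True):
    """Verdict per LAN host; client_nat models hide NAT behind the Office Mode IP."""
    verdicts = {}
    for host in lan_hosts:
        src = str(tunnel.office_mode_ip) if client_nat else host
        verdicts[host] = gateway_verdict(src, tunnel, anti_spoofing)
    return verdicts

# Constructed sample addresses (not from the thread).
OFFICE_MODE_IP = ipaddress.ip_address("10.99.0.15")
BRANCH_LAN = ipaddress.ip_network("192.168.50.0/24")
HOSTS = ["192.168.50.10", "192.168.50.11"]

if __name__ == "__main__":
    cases = {
        "LAN not defined": evaluate(HOSTS, Tunnel(OFFICE_MODE_IP)),
        "LAN not defined, anti-spoofing off": evaluate(HOSTS, Tunnel(OFFICE_MODE_IP), anti_spoofing=False),
        "LAN defined on endpoint": evaluate(HOSTS, Tunnel(OFFICE_MODE_IP, [BRANCH_LAN])),
        "client NATs to Office Mode IP": evaluate(HOSTS, Tunnel(OFFICE_MODE_IP), client_nat=True),
    }
    for name, verdicts in cases.items():
        print(name, "->", verdicts)
```

Only the last two cases give the branch PCs a working return path, which matches the reply's conclusion that the second network must either be defined on the VPN endpoint or be NATed behind the address the VPN server hands out.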
