On addition to the other responses, the ability to assign a specific network
range has a big benefit when crafting the desktop security policy rules. You
know the IP address range assigned to your remote clients. In addition, you
can use the ipassignment.conf file to assign a specific Office Mode IP
address to specific people, like your firewall admins. Then you can add
those Office Mode IP addresses as GUI clients for Check Point, for example,
or to router and switch ACLs for remote administration..
No drawbacks that I've come across.
Ray
From: Reinhard Stich <[EMAIL PROTECTED]>
Reply-To: Mailing list for discussion of Firewall-1
<[email protected]>
To: [email protected]
Subject: Re: [FW-1] What is OfficeMode exactly
Date: Mon, 7 Feb 2005 16:23:27 +0100
At 16:06 07.02.2005, you wrote:
Reinhard Stich wrote:
At 12:35 07.02.2005, you wrote:
Hi,
we've been using plain SecuRemote and want to step up to SecureClient.
Now I come across OfficeMode and don't really understand what it's all
about. Ok, I can assign an internal IP address to the client.
yes, and you can assign a DNS and WINs-server. like with DHCP.
IP Pools works with SecuRemote to assign an internal address, too
(works fine here) ...
yes, but in this case the firewall does the NAT for you - and if you
VPN-client is behind a NAT-device with an internal IP of you LAN ... good
luck :-)
I think I recall that it is possible to assign the
"internal DNS" server too, but we don't need that right now -- can
someone confirm this?
split DNS is what you're talking about, office mode is easier to configure.
cheers
reinhard
Don't know about WINS, we set that manually.
But why?
to know the client's IP-address on the internal systems and to set the
DNS
to an internal one.
Another example, if you use TCP wrappers on 'nix hosts or other
systems
to limit access, as a security measure, the internal IP address is
allowed access.
no more problems with local nets behind HAT-devices ...
cheers
reinhard
What other advantages do I have with OfficeMode? And on the contrary,
are there any drawbacks or caveats when using it?
Thanks for you input!
Sascha
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
--
Reinhard Stich ASSIST [EMAIL PROTECTED]
Internet Security AG, 1150 Wien, Johnstrasse 29
Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
--
Reinhard Stich ASSIST [EMAIL PROTECTED]
Internet Security AG, 1150 Wien, Johnstrasse 29
Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
