-----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Martin Hoz Sent: 03 Agustus 2005 8:56 To: [email protected] Subject: Re: [FW-1] SPLAT vs. SPLAT Pro SPLAT pro uses another thing that is not Zebra. SPLAT with Zebra doesn't support Clustering configurations (instead of 1 peer shows 2).SPLAT Pro supports Clustering configurations (only one peer is shown to the routing clowd). SPLAT pro has a cute CLI for configuring the dynamic routing. SPLAT with Zebra doesn't support dynamic routing inside the VPN, SPLAT Pro does (with the new Route based VPNs). SPLAT Pro supports Multicasting. SPLAT pro soports centralized RADIUS authentication.
You may enable your SPLAT and convert it to SPLAT pro using "pro enable", but you need a license. Is all in the manuals :-) I guess Zebra is there if you feel ok with it, and you want to continue using it. That's fine. My take would be that if you need something more advanced (i.e. Clustering *and* dynamic routing, or route-based VPNs with dynamic routing inside that) SPLAT Pro is the way to go... - MartÃn. -----End of Original Message----- I was planning to implement MEP VPN with RIM. So would it possible to do it with just NGX and SPLAT, or should I use SPLAT Pro? Since in RIM manual I found that RIM need "dynamic routing protocol to propagate the encryption domain of a VPN-1 Pro peer gateway to the internal network" My condition: Two ISPs link, each using FW-1 enforcement point, and 1 SmartCentre. We're using NG FP3 at the moment. We don't have any proxy/router gateway behind the firewalls. So default gateway is push by DHCP server or set manually on client PCs. There would be a little hassle for browsing user when one of the ISP's link is down. But the real problem is with VPN connection. We cannot just change the client routing because the other gateway doesn't have VPN connection established. That's why I'm trying to implement the MEP VPN. And I'm thinking that MEP with IP Pool NAT wouldn't work since the traffic will initiate from our site, not from remote site. I'd love to hear your advise on this, thank you. Sincerely, Adit ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
