> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Martin Hoz
> Sent: 03 August 2005 21:34
> To: [email protected]
> Subject: Re: [FW-1] SPLAT vs. SPLAT Pro
>
> RIM is basically injecting a route about the VPN status, to a
> router which is a neighbor of the central vpn/firewall gateway.
> Obviously for the route to be injected the vpn gateway has to
> be part of the routing cloud and "speak" dynamic routing, so
> a dynamic routing daemon is needed in the gateway.
>
> In NGX, the only *supported* way to use dynamic routing in a
> Check Point environment is using SPLAT Pro, so if you want to
> have the official CP blessing on your installation, you'd
> have to use SPLAT Pro. As always, you can use Zebra or
> install whatever on your SPLAT.
> This would leave your installation without support but may
> work. If it works this way, you're happy and don't care about
> support, you can do it without SPLAT Pro, using purely SPLAT.

Thank you very much for your explanation, it seems clear to me now.

> You mean by this, that you don't have a router in the
> "inside" segment, right?
> I'm assuming client PCs that are in the "inside" segment, again.

Yes, right now the client PCs in the "inside" segment are using the firewalls' internal interface as default gateway. And we do it statically in network configuration, or via DHCP. That's why I'm thinking of adding one router between the firewalls and the "inside" segment.

> Client-to-site or site-to-site VPN connection? (Seems to me
> client-to-site, but would like to clarify)
> From inside users to an external gateway so they can use resources in
> a foreign network, or from external users to the gateways you
> manage, so they can use the resources in your "inside" network?
>
> If it's from inside users to the outside gateway, I don't see
> too much use of RIM here, especially because there's no
> router inside. If you're talking about site-to-site VPNs
> where your 2 gateways connect to foreign offices for example,
> and you want the gateways to automatically tell the users
> which of the 2 gateways they should use to get out, this is
> doable using a router in your inside segment, and then using
> RIM in the VPN gateways....

Correct, we are using site-to-site VPN to our remote office. And the traffic is usually initiated from my site. That's why I'm thinking that RIM is a must, and IP Pool NAT will not work.

Once again, thank you very much. It's really helpful.

> HTH.
>
> - Martín.
