Your answer confirms my worst fears.
Support has expired on my firewall and I think I might have to pay for help
with it. I've inserted the reasons below.
Thanks, though, for the help so far.
Bob Grabbe
[EMAIL PROTECTED]
----- Original Message -----
From: "Lino Eduardo Avila Rodríguez" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Thursday, September 15, 2005 12:42 PM
Subject: Re: [FW-1] Simplified & Traditional VPN
Try www.sofaware.com there are configuration documents and knowlegde base
that will help you.
I did loook in their faqs, but the only docs I cvould find had to do with
connecting two edge boxes, to a cisco firewall, and I think one to a Windows
server.
The things you should check un your edge are this
Check the correct time
Have done this, and it's correct.
Update to the current versión.
Might not be an option, my contract is up and I don't know if I can get
clearance to pay for more support.
I can tell you that first your management has to have a valid IP address
because you edge device looks for it and tries to connect to it.
It does.
For the configuration is like this
Enter to the smartcenter server
Create a profile for the Edge (new checkpoint->profile->vpn-1edge )
This I don't get. When I go to create->Checkpoint I don't have the option to
create a profile. I can create either a new Gateway or an Embedde3d Device,
but the only type of Embedded Device I can create is a Nokia 5X. I'd figure
that I should be creating a new Gateway, though.
The create a new VPN-1 Edge Gateway, associate the profile to it, set up
the
Registration Key (like a password) do not check Externally managed, set it
up if it will have dynamic or static Ip and the press ok, the certificate
then will be generated, then enter to the gateway again and in the vpn tab
there's a certficiate list right click it and then export it to a file.
I think if I can get the registration key, though, I might be able to do
this. Just having a hard time getting it from the vendor. So far, they
haven't given me the Gateway ID and Registration Key to connect to the
Sofaware User Center. Hopefully getting this will help.
This certificate should be automatically imported to your gateway when
you
connect it to your service center (smart center server). If not import it
manually.
When you want to install a rule policy to the edge you'll have to install
It
in the profile. The edge every 20 min updates it's policy and looks for
this
profilein the smartcenter. Also look in the install on tab on your rules,
you'll have to specify to install on your cluster or in your edge profile,
if you don't do this there will be errors on your policy and it won't
install.
Best Regards,
Lino E. Avila
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Bob Grabbe
Sent: Thursday, September 15, 2005 10:59 AM
To: [email protected]
Subject: Re: [FW-1] Simplified & Traditional VPN
Along these same lines, I have a firewall R54 running Secure Platform. I'm
trying to add an Edge X16 box for a remote site, but having problems getting
the two to communicate.
I think one of the problems I'm having is that I've been unable to find how
to export a certificate from the splat platform to import on to the Edge
box.
If anyone has any pointers to any documentation on how to set up a site to
site vpn between these two, I'd appreciate it. Everything I can find so far
is between two platforms of the same type, i.e. edge to edge, or such. I'm
relatively new to the Checkpoint community, so the more simplistic it is the
better.
Thanks
Bob Grabbe
[EMAIL PROTECTED]
----- Original Message -----
From: "Lino Eduardo Avila Rodríguez" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Thursday, September 15, 2005 11:41 AM
Subject: Re: [FW-1] Simplified & Traditional VPN
You don't have to change your community, you have to configure in global
properties the simplified mode and then create a new policy so you'll have
your policy in simplified mode and then you create the rules you
previously
have plus the new rules for the edge.
Best regards
Lino
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, September 15, 2005 6:07 AM
To: [email protected]
Subject: [FW-1] Simplified & Traditional VPN
Currently all my VPNs are in traditional mode. I have a "star" topology:
one central management station, one central gateway, a number of remote
gateways. All running NG AI R55.
I now have a VPN-1 Edge box which I'd like to manage from the same
SmartCentre, and build a VPN between the Edge box and the central gateway.
I understand that this new policy needs to be in simplified mode.
However,
does it mean that I have to convert my central gateway into simplified
mode,
if I want to build a VPN between the two? Or can the central gateway stay
in traditional mode?
Thanks!
Huiqi Liu
=================================================
To set vacation, Out-Of-Office, or away messages, send an email to
[EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options,
email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
