Well, I need this because the Edges are sending their logs to my
Gateway, and these messages are dropped, 'cause they're not encrypted.
When I'm using that "group workaround", the messages are encrypted, and
therefore are accepted...
--
http://schmidt.bs-server.com
Ray wrote:
Hi Markus,
Out of curiosity, why is it important? It's also odd because in a
simplified VPN policy, which is required for managed Edge boxes, the
external interfaces of regular FW-1 boxes are automatically included in
the encryption domain.
Is it possible that the Edge external interfaces are, but the traffic
you're using is getting accepted on an implied rule (which are always
before the VPN rules)? It doesn't sound like it because of the group
thing you're doing, though.
Ray
From: Markus Schmidt <[EMAIL PROTECTED]>
Reply-To: Mailing list for discussion of Firewall-1
<[email protected]>
To: [email protected]
Subject: [FW-1] Gateway allways in Encryption Domain?
Date: Wed, 29 Nov 2006 17:05:09 +0100
Hi
We're talking about VPN-1 edges with the latest firmware and an NGX
R61_HFA01 Gateway/Management.
I have the following Situation: A central Gateway and some Edges (with
dynamic Addresses) living in a Star Community. The Traffic from behind
the edges (their encryption Domains) goes perfectly through the VPN,
while the traffic originating directly from the edges does not.
In SmartDashboard, I have Network Objects for the edge's encryption
Domains. These Network Objects are used for manually defining the edge
encryption Domains.
A workaround is to replace these network Objects by group Objects,
containing the network Objects AND the edge Object. This seems ugly to
me, but it works.
Is there a better way? Is there a switch like "the gateway is always
in the encryption Domain", or something like that?
--
http://schmidt.bs-server.com
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================