Thanks Ray (and Sin) for your advice.
Is there an SK for building and deploying a policy for a remotely
managed gateway? or can anyone give me the basics?
Thanks in advance,
Alan
At 05:15 PM 8/12/2007, Ray wrote:
There's an SK article on what protections require a WI license.
CPMAD, SQL Injection, LDAP Injection, and one other thing, if I
recall correctly. If you un-check those, you should be OK.
Web Intelligence's biggest failing is that it does not work on SSL
traffic, which is where you really want to protect this kind of
stuff. FW-1 can't do SSL termination, which severely limits its
inspection ability.
Apparently there used to be an add-in OPSEC card that did allow FW-1
to do SSL inspection, but the vendor got bought out late last year
and the product was discontinued.
Ray
From: Alan Choyna <[EMAIL PROTECTED]>
Reply-To: Mailing list for discussion of Firewall-1
<[email protected]>
To: [email protected]
Subject: [FW-1] Deploying new gateway to be remotely managed.
Date: Sat, 11 Aug 2007 14:41:48 -0500
Hi Guru's,
We've just built a new SPLAT R62 gateway at a new data center to be
remotely managed by a management server (with the same version of
R62) at another data center.
l was able to SIC the new gateway to the management server, so it
is now ready to have a policy pushed to it.
This is our first experience of setting up a remotely managed
gateway, and l don;t know how to set up it's policy on the management server.
Can some please advise on the initial configuration of the policy
for the new gateway on the management server?
After getting SIC with the new gateway on the management server l
cannot push policy to the cluster even when de-selecting the new
gateway. l get the error message:
Security and Address Translation Policy Verification:
Additional licenses for Web Intelligence are required.
You have (0) Web Intelligence license installed, while (1) gateway
is .involved in Web Intelligence protection.
How do l disable web Intelligence on the new gateway? Since l
cannot connect to it remotely as yet (no policy). l have not yet
installed it's correct license, it's still running on the eval license for now.
Thanks in advance for your advise,
Alan
Alan C. Choyna
Director of Infrastructure
Pathfinder Associates, LLC
<http://www.pathfinderassoc.com/>http://www.pathfinderassoc.com
Internet Strategy Business Consultants
<mailto:[EMAIL PROTECTED]>mailto:[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>.com
Business telephone (312) 372-1058 ext 6003. Mobile (773) 255-6662
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
_________________________________________________________________
Tease your brain--play Clink! Win cool prizes!
http://club.live.com/clink.aspx?icid=clink_hotmailtextlink2
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
