Good point, nothing is considered trusted anymore. Do you have specific
rules in place only allowing certain ports over your VPN's and another to
block everything else?
Ray
<[EMAIL PROTECTED]
IL.COM> To
Sent by: Mailing [EMAIL PROTECTED]
list for INT.COM
discussion of cc
Firewall-1
<FW-1-MAILINGLIST Subject
@AMADEUS.US.CHECK Re: [FW-1] VPN Wire Mode
POINT.COM>
05/11/08 02:21 PM
Please respond to
Mailing list for
discussion of
Firewall-1
<FW-1-MAILINGLIST
@AMADEUS.US.CHECK
POINT.COM>
How much do you trust the people and physical access controls in Mexico?
How locked down are their computers and the network? If something gets
loose on the Mexico network it could travel unimpeded into the rest of the
company. That's a risk I was not prepared to take with our Asian
subsidiaries even though they were our employees.
Ray
> Date: Sun, 11 May 2008 09:42:59 -0500
> From: [EMAIL PROTECTED]
> Subject: [FW-1] VPN Wire Mode
> To: [email protected]
>
> While preparing to add a second external interface and a T1 to have a
> dedicated T1 for a site-to-site VPN with an Edge device and remote VPN
> users I ran across "Wire Mode". I currently am not using Wire Mode for
> this Site-to-Site VPN with a branch office, it appears if I enable this I
> could see better performance, any reason I wouldn't want to enable Wire
> Mode for this VPN? This Branch office is a building we have in Mexico,
the
> Edge firewall at that location controls their access to the internet and
> the VPN to the NGX Splat firewall at this location, I would think this
> would be considered trusted.
>
> It appears to enable Wire Mode, I just need to enable it on the VPN
> Community and the NGX firewall object. I don't see any Wire Mode
settings
> on the Edge object.
>
> John
>
>
> Scanned by Check Point Total Security Gateway.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
_________________________________________________________________
Make Windows Vista more reliable and secure with Windows Vista Service Pack
1.
http://www.windowsvista.com/SP1?WT.mc_id=hotmailvistasp1banner
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
