As Carlo said, it should not be necessary to do further encryption; SCS and remote gateway will be communicating securely once SIC is established. But if you want to make things more complicated, remember a Check Point firewall is able to do VPN against any device working with standard IPSec, so I guess you can configure your local firewall (not Check Point) to establish a VPN against the remote gateway and make sure all traffic between that and the local SCS is encrypted.

Regards

On Mon, May 9, 2011 at 3:53 AM, carlopmart <[email protected]> wrote:

> On 05/08/2011 01:05 AM, Independent IT Consultant wrote:
>
>> I don't understand the need for the 3rd firewall. All communications
>> between the gateway and management are already encrypted (that's the point
>> of SIC --"SECURE" Internal Communications).
>
> I think I have not explained very well. This is my schema:
>
> SCS Server ---> Firewall (not CP) -----> Internet -----> Remote SecurePlatform FW R70.4
>
> I would like to encrypt all communications between SCS and the remote Splat
> gw with a strong algorithm that CP uses, like an ipsec tunnel. If I am not
> wrong, CP uses ssl-based tunnels to communicate gws and SCS servers. Is that
> correct??
>
> Can I use an ipsec tunnel (or another strong communication algorithm than
> ssl) to encrypt these communications??
>
> Thanks.
>
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com

--
Sergio Alvarez
CISSP | CCSE+

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
