On 05/10/2011 12:49 PM, Alexey Baltacov wrote:
Checkpoint VPN is policy based, even in tunnel mode, so you are unable
to configure IPSEC settings via the command line on GW.
It is also not recommended to encrypt SIC communications, because in
case of VPN down or Policy problem you will lose access to the
gateway and will be unable to install new policy before unload local
Bottom line, in case of any problem with encrypted communications, for
any reason, your steps to fix it will be complicated
Alexey
Thanks Alexey. I am evaluating pros and cons of encrypting
communications between SCS and splat gateway using ipsec or another type
of encryption.
But doing some scans with nessus and nmap against this splat remote gw,
all revealed that it is a CheckPoint firewall.
Can I almost change this?? I have installed a default policy with only
two rules:
a) SCS to GW, allow all ports.
b) Any to GW, deny all (stealth rule)
I don't have IPS soft blade license.
Thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com