Counter question, what happens when a vpn key is exchanged for a certificate based vpn when the CA CRL can not be checked?
If you have VPNs that are certificate based rather than pre-shared based (checkpoint to checkpoint internal primarily), you may see VPN drops when the CRL cannot be checked on the management station. Ted Serreyn On 11/9/11 8:24 AM, "Liu, Huiqi" <[email protected]> wrote: >Hello, > >Just want to check on this - as it has been a while since this occurred, >and I'm hearing different stories. > >We are planning to shut down the management station (as a DR exercise) >for 24 hours. Will this cause any problems with enforcements that are >managed by it, and any VPNs? We can't push any policies obviously, but >the enforcements should stay up, right? > >We are on R75.20, and a distributed environment. > >Many thanks, > >Huiqi > > >Scanned by Check Point Total Security Gateway. > >================================================= >To set vacation, Out-Of-Office, or away messages, >send an email to [email protected] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your >subscription options, email >[email protected] >================================================= > >Email secured by Check Point > Email secured by Check Point Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
