Hi, only a Firewall-Module may act as a Policy Server. This is because only over a Gateway a user can authenticate and make a connection to the "other side" of the Firewall, e.g. the internal net. You define all objects (also Policy Server) and rules in the GUI, save the rules etc. on the Management-Module - and the rules are compiled to act on the Firewall-Module. So you can't define the Management-Module (with only one NIC) as a Policy Server. BTW - Securing the separated Management-Module with Secure Server is a good idea - if an attacker "has" the Management-Module, he or she has the whole Firewall-infrastructure. Hope it helps, best regards, Matthias
Richard Marshall wrote: > Hello, > > Could someone please explain to me what yo need to install to define a > Policy Server for Secure Client. i already have a Secure Client license. > When I try to define a policy server in the GUI it only gives me the option > of defining it on a gateway. I would like to install it on the managment > server. Do i need to install Secure Server on the managment server to do > this? > > I can't find anything of use on either the checkpoint site (surprise...), or > phoneboy. > > Any help would be much appreciated > > Rich > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= -- AERAsec Network Services and Security GmbH Wagenberger Stra�e 1 D-85662 Hohenbrunn, Germany http://www.aerasec.de ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
