Hi, I'm currently installing NG-FP1 using private IP's for both the management workstation and the enforcement modules - E.G.
management - 10.0.0.10 firewall-a - 10.0.0.1 firewall-b - 10.0.0.2 This is configured with the "centralised" license scheme and I understand that it is no longer necessary to license against the external IP on the enforcement modules? Instead, the external interface(s) are simply nominated within the firewall object. To allow external access to the management console I will add a static NAT rule. Now for my question! I have a Nokia Box located remotely which I wish to manage using my local management station. Given NG hasn't been released for IPSO yet I don't think I have an issue at present with communication taking place against the external static nat IP of the management station (let's call that 123.0.0.10). What happens if/when I upgrade to NG? I'm using the centralised licensing scheme - I don't license the enforcement module with it's own IP but that of the associated management console - in this case 10.0.0.10. Given this, will this cause issues with communication between the Nokia and my remote management console? Is there a facility within NG enforcement to say that communication to 10.0.0.10 is via 123.0.0.10? Or should I have licensed my management console with a public facing IP (this goes against what I have been taught in the past)? Or can I just get away with licensing the enforcement module with the external management IP? Or just use the "local license" option and license the Nokia external IP? Hopefully there is a simple answer and I've just missed the point! My thanks for reading this. Regards, Steve. ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
