One alternative approach which might be worth considering is to put
the Firewall behind a router which does the actual dialing. The router
would need to do hiding NAT to hide everything behind the IP address
that gets assigned to it's WAN interface - there are lots of inexpensive
routers that can do this. The Firewall would then use fixed private RFC1918
addresses for both external and internal IP addresses.
The main problem with this is that it precludes inbound connections - you'll
only be able to establish outbound connections because of the router NAT.
This means that SecuRemote won't work at all.
However, it is one way to get Firewall-1 to work with a single-dynamic IP
dial-up Internet account.
BTW, I'd be interested to hear if you get Firewall-1 working with RRAS.
Roy Hills
NTA Monitor Ltd
At 00:00 04/06/00 +0200, Michel Toussaint wrote:
>Nice one, thanks:
>I'll build a small lab in order to test this.
>For RRAS, I think it's on the list of supported stuffs for Checkpoint FW-1
>4.0
>But maybe they meant it's compatible in term of tcp/ip service and not for
>the interface itself on the gateway.
>Anyway, a test is necessary now.
>Another solution, I foresee to test, is to have a very simple gateway using
>Winroute and to use Securemote on each stations in IKE. (Will not work in
>FWZ but should in IKE, according to what I've read)
>
>Thanks.
--
Roy Hills Tel: +44 1634 721855
NTA Monitor Ltd FAX: +44 1634 721844
14 Ashford House, Beaufort Court,
Medway City Estate, Email: [EMAIL PROTECTED]
Rochester, Kent ME2 4FA, UK WWW: http://www.nta-monitor.com/
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
