Harpal,
I don't think this can be done. I think you would have to move the fw
management over to the firewall to accomplish this. You should be
able to open the access in an encrypted fashion. At worst, you only
open up to the management server on a given port - a port used for
just that function.
Opinion: Although you do open up a 'small' hole, I think in the long run
this is quite safe. Just keep up on Bugtraq et al. to see if someone has
documented a new/known exploit.
While testing, sniff the connection to verify what you can/can't see.
This way you know what is 'open' for the world to see.
Good question!
Best of Luck!
Robert
--
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
Gordon Food Service
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>>> "Harpal Parmar" <[EMAIL PROTECTED]> 6/2/00 7:15:28 PM >>>
>
>Hi
>
>We recently upgraded to Checkpoint 2000. We are running a distributed
>environment (i.e. management server on a separate box, firewall module
>on a different box). I'm trying to run secureclient in this environment,
>and would prefer to have the policy server reside on the firewall as
>opposed to the management server so I don't need to open up access to
>the management server from the internet. Has anyone had any experience
>(good or bad) in this type of setup? Does anyone know if this can be done?
>
>Any feedback would be greatly appreciated.
>
>thanks
>Harpal