I have heard (from a support vendor) that FW-1 (v4 at least) does not fully support
PPTP. I believe the problem had to do with dynamic port allocation done by PPTP and
STATIC NAT rules on a firewall when the PPTP server is a box on one side of the
firewall with a private address that is translated by the firewall to a publicly
routable address and the client is on the internet with its own publicly routable
address. Can anyone confirm or deny this rumor (should denial be the direction,
step by step setup would be helpful as we obviously don't have a clue - regardless
of what we thought)?
Bill

Rob Cryan wrote:

> I will dispense with the MS bashing...
>
> You can use MS PPTP though it is not elegant or extremely secure.  It will,
> however, give you a low-cost workaround to the more industrial strength
> solutions.  I have seen it work with FW-1 on NT4.  In this case it works
> quite well and, as you indicated, it was much cheaper than the VPN-1
> solution.
>
> I am not sure that I would use the WEB server though.  I might (budget
> permitting) use a separate server for this purpose.  Of course, this option
> is open for debate.
>
> The real proof is doing the cost analysis comparing maintaining ISP accounts
> vs. the current solution.  There are some free ISP solutions in the US, but
> they are relatively slow due to some overhead associated with advertising.
> This coupled with the overhead of encryption (CheckPoint or MS) may be too
> much for your users to take.
>
> Rob Cryan
> Solutions Integration Manager
> infinitespace.com
> Two Westborough Business Park
> Westborough, MA 01581
> Office: 508.870.4714
>
>         -----Original Message-----
>         From:   Shane Hill [SMTP:[EMAIL PROTECTED]]
>         Sent:   Friday, July 07, 2000 10:02 AM
>         To:     [EMAIL PROTECTED]
>         Subject:        [FW1] Microsoft VPN - a solution?
>
>         Hi Gurus,
>
>         Sorry if this is slightly off the FW-1 topic.
>
>         I have about ten mobile users, some of which travel globally.
>         All dial into my DMZ for internet / mail access.
>
>         I thought I'd put VPN-1 module onto my NT4 FW-1 server,
>         have the users dial an ISP then create a VPN back to the office
>         and as if by magic telephone charges are reduced and I can remove
>         the dial in modems.
>
>         But the VPN-1 module is just too pricey for my small base of
>         mobile/home users.
>
>         Should I look at placing a Microsoft VPN solution on the Web server
>         in my DMZ
>         - cheap, but is it a fashion no no?
>
>         Or should I stick with my current - working - dial in option?
>
>         Any opinions gratefully received.
>
>         Microsoft products are quite cheap for academic institutions -
>         so not too much MS bashing if it can be helped. ;-)
>
>         Thanks,
>
>         Shane Hill
>         [EMAIL PROTECTED]
>
>         University of Wales
>         University Registry
>         King Edward VII Avenue
>         Cathays Park
>         Cardiff
>         CF10 3NS
>
>         Tel:  029 20786206
>         Fax: 029 20396040
>
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================