I hope that someone might be able to help me here.  I have been using FW-1
(CP2000) to push ACLs to my Cisco Routers for a while now, with no problems.
There are several "VLANS" associated with the routers and as per my FW-1 class,
I have set up the two routers to push the rules "eitherbound".  Anyone who is
doing this knows that this will take the rulebase and basically double it for
the routers.  It will create the list for inbound traffic, and duplicate it for
outbound traffic.  This is done on the interfaces situated on the routers.
Needless to say, the ACL listing is Godzilla in size.  I am thinking about
pushing an "any any any accept routers", then importing that into a new
rulebase.  I would then be able to make rulebases for each interface separately.
By the way, I am being required by the client to use FW-1 to control the ACLs
for the Ciscos.  I am curious as to the feasibility of this, or are there any
other solutions I might try?

Also, I need to create a VPN between FW-1 4.0 (12 month eval) and CP2000.  Is
this possible?!  The knowledge base for Check Point has a document but it is
dated 1997 and for version 3.0.

Any help will be greatly appreciated.

Scott McHenry,
Sys Eng / CSC



