RE: [FW1] Management link between firewall modules

Thu, 10 Aug 2000 08:00:39 -0700 


You can use the Internet to push policies and receive logs.  A private
network could be slightly faster depending on available bandwidth.

Everything can go through the VPN you have if you tell the remote FW to use
management on an IP that routes through the VPN.  (e.g., an IP in the
encryption domain.)

Encryption between the FW and management will depend on what you are using
(FWZ, Skey, etc.), but if there is a VPN it won't matter as much.

This is a common thing for centrally located management and remote FW's.  It
has its good points like the ability to remove or reduce costs by lessening
bandwidth or removing the private connection.  It also has bad points like
the risk of single point of failure for office to office communications and
the overhead of pushing all the traffic out over the Internet.

Rob Cryan
Solutions Integration Manager
infinitespace.com
Two Westborough Business Park
Westborough, MA 01581
Office: 508.870.4714


        -----Original Message-----
        From:   [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
        Sent:   Thursday, August 10, 2000 9:32 AM
        To:     [EMAIL PROTECTED]
        Subject:        [FW1] Management link between firewall modules




        Does anyone know what are the ramifications of managing multiple VPN
Firewall
        modules over the Internet instead of managing
        them thru a frame network?
        I currently mange them thru our frame network.  All the Firewall log
are sent
        thru the frame and the rest of our traffic is
        sent via VPN thru the Internet.
        Can you mange VPN Firewall module thru the Internet? (Logging data
and pushing
        policies will be sent to Management Station thru the Internet).

        If so, what type of encryption does the Management Station establish
with the
        Firewall module?
        Also, is the Firewall logging being sent to the Management Station
encrypted?
        What type of encryption?


        We are running FW 4.1


        Thanks

        AC




        
============================================================================
====
             To unsubscribe from this mailing list, please see the
instructions at
                       http://www.checkpoint.com/services/mailing.html
        
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to