Hey Guys,
I'm looking to define a SecuRemote Client to Firewall-1 v4.1 VPN. I will be
running with an IKE encryption tunnel with a scheme that will use a
certificate approach, in particular Verisign certificates to validate the
users. However, I have a number of questions.

1) In terms of defining the CA Server object, I will be selecting the type
"OPSEC PKI" and the LDAP option to perform LDAP lookups to check certs
against a CRL. I will be using the Get Certificate option to import a root
CA. But where does this get imported to? A directory on the FW, or to say
objects.c? Note that all certs that I will be generating for our clients
will fall under the umbrella of my root CA imported here.
In addition I don't see any correlation between the Get Cert option here and
the Add Certificate on the FW object itself under the Certificates Add
Property sheet? Is the latter the list of user Certs? Do I really need to
define them? CheckPoint documentation is poor here.

2) In terms of defining your LDAP Account Unit object, I will be performing
an LDAP lookup to a directory to perform CRL validation. Does the FW
download this list to a directory location on the FW itself? Or does the CRL
get downloaded to a local Certificate Manager here? Again there is little
documentation here.
I will be using Verisign On-Site to generate SecuRemote user Certs who will
plug these into their roaming laptops.
Perhaps someone can explain how this actually works as I have little idea
here.
Thanks, Terry G.
Security Administrator