Hi Frank,
I've been involved with a similar implementation between Auckland
(FireWall-1 v4.1), New Zealand and Tokyo (Watchguard FireBox-II), Japan for
some time now.
If you look at the icsa web site
(http://www.icsa.net/html/communities/ipsec/certification/certified_products
/index.shtml), you'll see that the Firebox appliances are certified as a
firewall, but NOT an IPsec device!!! I dont know why, but I suspect that
this is a problem with the SA key size. The IPSec standard requires keys to
be > 512, however the FireBox-II appears to use a key length much shorter.
Watchguard do have a PDF document that describes how this is supposed to
hang together, however I tried it down to the last ip address and still
couldnt get it to work. By the way, their description of how to implement
FireWall-1 was the suckiest I've ever seen. They really just dont have a
clue!
When I queried Watchguard on their IKE/IPSec implementation, their response
was - "we dont need to get our box independently certified/verified, we do
our own testing in house. Besides which, it works with a Cisco router".
Cisco do not appear on the certified products list either!
Let me know if you get anywhere, I'd be very interested to see what you come
up with.
Cheers
Greg
__________________________________________________________
Please Note: This e-mail is only intended to be read by the named recipient.
It may contain information that is confidential, proprietary or the subject
of legal privilege. If you are not the intended recipient, you must delete
this e-mail and may not use any information contained in it. Legal privilege
is not waived because you have read this e-mail. All content is to be
treated as confidential unless otherwise specified, and is not to be
forwarded to third parties without prior permission by the author. To do so
is a clear breach of the New Zealand Privacy Act.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
Olmstead, Frank M.
Sent: 24 October 2000 8:05 a.m.
To: [EMAIL PROTECTED]
Subject: [FW1] Firebox SOHO
Anybody have any luck configuring a Watchguard Firebox SOH to a Checkpoint
FW-1 v. 4.0 ?
Regards,
Frank
______________________
Frank M. Olmstead
IT Manager
Coreco Imaging, Inc.
55 Middlesex Turnpike
Bedford, MA 01730-1421
781.275.2700: phone
781.275.9590: fax
508.353.5493: cell
www.imaging.com
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
