RE: [FW1] Comm between Mgmt console and fw1 module

Wed, 10 Jan 2001 04:51:45 -0800 


Using default control.map entries, yes it does work. 

Quoting Brian Mulford (recent post, but good cookbook on getting
management to work):

>I have done this. once you setup NAT, you might have problems with the
>PUTKEYS, I did. checkpoint sent me these steps and it worked our great.

>1. fwstop on the management
>2. fwstop on the firewall
>3.delete the authkeys.C file on the firewall
>4.Edit the control.map file on the FireWall module by copying the
MASTERS
>line and pasting it above the existing MASTERS line.  Change the word
>   MASTERS to the invalid IP of the Management module.
>5.make sure that the $FWDIR/conf/masters file on the firewall holds
>the valid and invalid address of the management server
>6.On the Manager: fw putkey <valid managment IP> <firewall IP>
>7.On the Manager again: fw putkey <invalid managment IP> <firewall IP>
>8.On the FireWall: fw putkey <firewall IP> <valid management IP>
>9.On the FireWall again: fw putkey <firewall IP> <invalid managementIP>
>10.create in the $FWDIR/conf directory the loggers file. Place the
valid
>IP of the management in this file
>11. fwstart the management
>12. fwstart the firewall


 -----Original Message-----
From:   Scott Becker [mailto:[EMAIL PROTECTED]] 
Sent:   Wednesday, January 10, 2001 05:50
To:     [EMAIL PROTECTED]
Subject:        [FW1] Comm between Mgmt console and fw1 module


There was some article that explains IPsec will not work with NAT.

If a management console is using private IP address and it manages a
number 
of vpn1 enforcement module thats having public ip addresses, can the 
management module and the firewall module communicate using fwa1 ?

The management module is sitting behind of of the vpn1 enforcement
module 
with internal ip.

ideas ???

Thanks.
________________________________________________________________________
_
Get Your Private, Free E-mail from MSN Hotmail at
http://www.hotmail.com.



========================================================================
========
     To unsubscribe from this mailing list, please see the instructions
at
               http://www.checkpoint.com/services/mailing.html
========================================================================
========




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to