Greetings list,

Administratively, how do you deal with firewall policy changes with VPN
connections to non-Checkpoint systems, à la Cisco, SonicWall, FreeSwan,
etc.? Under 4.1 SP2, if a new policy is pushed to an enforcement point,
SA's between VPN-1 firewalls automatically get reestablished while other
IPsec clients/gateways need to clear or restart IPsec services. This is
fine for one or two VPN connections but becomes burdensome when dealing
with 7-8 sites or multiple policy changes per day.

Has anyone checked to see if SP3 allows non-Checkpoint IPsec devices to
gracefully reestablish SA's, or other helpful hints on dealing with
these types of changes? I'm also interested if Checkpoint users have
migrated to IPsec-specific devices, and only use VPN-1 for SecuRemote
users.

Cheers,
--- Gavin