There is no node secret between the management station/firewall module and
the ACE server.  The way it is established is by adding the firewall to the
ACE server to include all interfaces that it will communicate with.  After
you've done this, you need to port the sdconf.rec file onto the firewall
module into a directory called ace (/var/ace in Unix - c:\winnt\system32 in
Windows), and once the firewall and ACE server successfully communicate, it
will create a file on the firewall that is the 'node secret'.  This is the
only secret that will be shared between the two.  Phoneboy (www.phoneboy.com)
has excellent documentation on how to set this up.

Juan Concepcion
Network Engineer/Security Consultant
CCSA/CCSE
E-Mail: [EMAIL PROTECTED]


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Monday, March 05, 2001 11:56 AM
To: MikeCC; [EMAIL PROTECTED]
Subject: Re: [FW1] Node Secret



It resides on each enforcement module.

>
>We are planning to roll out an ACE server.  We have a distributed
>Checkpoint environment, separate management and enforcement modules.  My
>question is where does the node secret reside on FW-1.
>
>Does it reside on the Management station or on the enforcement module or
>both?
>
>
>MikeCC
>http://atrek.org/mikecc



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================


