I have SunScreen Firewall managed by a remote management station using SKIP
between them.
SunScreen SKIP is installed on the remote management station on one of the
interfaces.
However when I install a Firewall-1 module on the remote management station,
SKIP nolonger works. Basically the Firewall-1 inspection module jumps in and
is dropped by rule 0 logging "Decryption Failure: Source object not in
database scheme".
Because its dropped by rule 0 adding rules to the rule base to try and let
this through have no effect.
I had two thoughts:
1) Stop Firewall-1 being active on the interface with SKIP on - everything
I've read suggests that Firewall cannot be selectively installed on
interfaces.
2) Disable SUNScreen SKIP on the remote management station and get the
SunScreen Firewall to exchange SKIP with Firewall-1 SKIP. However SKIP is
set up using a manual key exchange rather than cert authorities. Is it
possible to set Firewal-1 SKIP parameters in a config file somewhere rather
than generating a new key in the GUI?
Any ideas how I go about getting SunScreen SKIP to work to a Firewall-1??
-Steve
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
