On Wed, 9 Jan 2002, Jeff Newmiller wrote:
<snip>
> More difficult ones need helper modules to watch the outgoing protocol and
> build on-the-fly port forwarding rules for the return connections. If
> there are no programmers around with the appropriate incentive, such
> modules won't be written.
>
> Checkpoint's FWZ won't work because it is proprietary, encrypted, and if
> anyone could reverse engineer the protocol, it wouldn't be worth much,
> would it? The frustrating thing is that Checkpoint ALSO supports IPSec,
> but your other endpoints may refuse to use it.
>
Supports is a questionable word :-) Cross-platform IPSec usage usually
requires dedicating a crypto-map (and hence, an entire physical interface)
from the other device to the CheckPoint tunnel. I know this is true of
Cisco and Nortel VPN gear.

--
Jack Coates
Monkeynoodle: A Scientific Venture...