Firewall-1

[FW-1] Edge setup - getting close!

Subject: [FW-1] Edge setup - getting close!
From: Ray <sixsigma44 AT HOTMAIL DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Wed, 23 Jun 2004 19:49:29 -0400

I have the Edge X box set in a VPN Mesh community and it is talking back and
forth to the primary gateway's encryption domain. These are the only two
objects in the community so far.

First problem: We need all traffic from the Edge box routed down the VPN,
even Internet traffic. When setting up an Edge box manually, there is a
setup dialog to do just this. With it part of the community, I can't figure
out how to route non-VPN Domain traffic down the VPN to the main gateway.
This non-VPN Domain traffic isn't even getting logged anywhere that I can
find. It seems to be getting dropped by the Edge firewall. A traceroute from
the Edge internal network to an Internet address ends at the internal
interface of the Edge box.

Second problem: How do I get the Edge box to send its logs to the
SmartCenter server? I can't see that it's doing that.

Question: Some docs I got from Check Point show a sample Edge rule of

Source: Dynamic Object InternalNet, Dynamic Object DMZ Net, and whatever
that third default dynamic object is.

Destination: Any
Accept
Install on EdgeProfile

Since I am using different internal IP ranges for each Edge box, why would I
need these? I have to confess that the only dynamic object I really
understand is using a DHCP external interface.

We're trying to replace frame connections with Edge boxes and not re-IP
anything.

Thanks for any help and guidance you can lend,

Ray
