Firewall-1

Re: [FW-1] Another.....Another..... Another NAT question (SecuRemote)

Subject: Re: [FW-1] Another.....Another..... Another NAT question (SecuRemote)
From: Ray <sixsigma44 AT HOTMAIL DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Sat, 18 Sep 2004 16:26:14 -0400
Another advantage of SecureClient is that it has Office Mode, where you can
assign a specific network to remote users. Office Mode creates a virtual
network adapter when it is connected that routes all remote access traffic.

Use some non-routable network for the Office Mode IP Pool that you don't use
internally and this problem won't exist.

Ray

From: Jean-Francois Gobin <gobin AT GOBINJF DOT BE>
Reply-To: Mailing list for discussion of Firewall-1
<FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Another.....Another..... Another NAT question
(SecuRemote)
Date: Sat, 18 Sep 2004 18:10:40 +0200

I think then that the best thing to do is to

(a) Either install a terminal service on his PC or a Citrix server on a DMZ,
and let them access the office through that.

(b) Explain to him quietly that SecuRemote has no integrated firewall.
SecureClient has.

(c) Use a Cisco router or a Win server as a PPTP or L2TP 'tunnel end',
and do NAT.

(d) Don't assume that the security of an inside net can be compromised
because of someone not willing to pay for a service.

JF


On Fri, 17 Sep 2004, Mateo Cabrera wrote:

But I can only control ONE firewall...!!!

Imagine that I am the president of a company, and I am going to travel, and I am
located in a hotel with the same subnet as my LAN at the company (the
target subnet).
My remote connection to the Internet may be a proxy, a NATed router... or a
firewall (with the SecuRemote ports opened up).
My objective is to cover any possibility, e.g. having the same subnet in both
locations.
What can I do?


Regards,
Mateo Cabrera - Technical Support
Security Advisor
www.sadvisor.com


-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On behalf of
Jean-Francois Gobin
Sent: Friday, 17 September 2004 11:14
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Another.....Another..... Another NAT question
(SecuRemote)


Everything is possible, even the most obscure things.

You can try this :

Subnet A --> FW A <--- INET ---> FW B <-- Subnet A

NAT Subnet A on FW B behind NET B, so Subnet A on FW A may attack the
NATted subnet.

On FW A, NAT Subnet A behind NET C.


You should have something like this on your FW :

FW A
----

Subnet A --> NET B * : NET C    --> Original Original
NET B    --> NET C * : Original --> Subnet A Original

FW B
----

Subnet A --> NET C * : NET B    --> Original Original
NET C    --> NET B * : Original --> Subnet A Original

(Or you can "static nat" each host object in its NAT properties).

Another solution is to use a VPN, but in this configuration, you'll have
to ensure that hosts in subnet A are not in subnet B.

JF
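
The FW A / FW B rule base above, traced for one request and its reply (an added example, not part of the original thread or Check Point code). The three address ranges are constructed assumptions; the rule tuples mirror the four rows listed for FW A and FW B, with static net-to-net translation that keeps the host bits.

```python
import ipaddress as ip

# Constructed addressing: assumptions for illustration, not values from the thread.
SUBNET_A = ip.ip_network("192.168.1.0/24")  # same range in use at BOTH sites
NET_B = ip.ip_network("10.2.0.0/24")        # alias for the site behind FW B
NET_C = ip.ip_network("10.3.0.0/24")        # alias for the site behind FW A

def remap(addr, from_net, to_net):
    """Static net-to-net NAT: keep the host bits, swap the network prefix."""
    offset = int(ip.ip_address(addr)) - int(from_net.network_address)
    return str(to_net.network_address + offset)

def make_rules(local_alias, remote_alias):
    """(match_src, match_dst, new_src_net, new_dst_net); None means 'Original'."""
    return [
        (SUBNET_A, remote_alias, local_alias, None),  # outbound: hide local Subnet A
        (remote_alias, local_alias, None, SUBNET_A),  # inbound: restore real target
    ]

FW_A = make_rules(local_alias=NET_C, remote_alias=NET_B)
FW_B = make_rules(local_alias=NET_B, remote_alias=NET_C)

def translate(rules, src, dst):
    """Apply the first matching NAT rule, as a firewall rule base would."""
    for m_src, m_dst, new_src, new_dst in rules:
        if ip.ip_address(src) in m_src and ip.ip_address(dst) in m_dst:
            if new_src is not None:
                src = remap(src, m_src, new_src)
            if new_dst is not None:
                dst = remap(dst, m_dst, new_dst)
            return src, dst
    raise LookupError(f"no NAT rule matches {src} -> {dst}")

def round_trip(client, server_alias):
    """Follow a packet from site A to site B and the reply back again."""
    wire_out = translate(FW_A, client, server_alias)        # leaving FW A
    delivered = translate(FW_B, *wire_out)                  # entering site B
    wire_back = translate(FW_B, delivered[1], delivered[0]) # reply leaving FW B
    returned = translate(FW_A, *wire_back)                  # reply entering site A
    return wire_out, delivered, wire_back, returned

if __name__ == "__main__":
    for hop in round_trip("192.168.1.10", "10.2.0.20"):
        print("%s -> %s" % hop)
```

A client that targets the remote host by its real Subnet A address matches no rule, which is why each site has to address the other through its alias network.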


On Fri, 17 Sep 2004, Mateo Cabrera wrote:

Hi....guys.

The question today is:

Can I connect from a subnet A to another subnet A (same subnet local and
remote) with SecuRemote, without using Office Mode?


subnet A----->INTERNET---->FW-1----->subnet A


Regards,
Mateo Cabrera - Technical Support
Security Advisor
www.sadvisor.com

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================


----------
Jean-Francois Gobin - Administrator gobinjf.be
http://www.gobinjf.be   mailto:gobin AT gobinjf DOT be
