Firewall-1

[FW-1] IP40 (embedded NG) - SmartCenter integration

Subject: [FW-1] IP40 (embedded NG) - SmartCenter integration
From: "Brockhoven, Werner" <werner.brockhoven AT HP DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Fri, 24 Jun 2005 17:32:32 +0200

Hi,

Has anybody ever deployed one of these and integrated them into a
regular SmartCenter?

I have the following strange issue.

When deploying the policy from SmartCenter to the edge device (IP40), it
seems like some rules are working and some are not.  When checking the
diagnosis page on the IP40 and the Sofaware Management Server on the
SmartCenter (gui which runs on port 9283), I see the CRC for the policy
matches.  Changes to the vpn community of which the edge is part are
correctly applied.

In fact I'm seeing the following behaviour.  Traffic which comes from
the DMZ or LAN interface and needs to go into the VPN which is
established over the WAN interface is not being enforced by the
SmartCenter policy defined.  All traffic which is destined for the VPN
seems to be permitted by default.  Only by creating rules in the local
IP40 gui, it's possible to limit certain traffic.

Another thing I notice, which may or may not be related, is that in the
SmartView Status, for the edge object, the Policy field is empty. 

I've been through most of the documentation regarding vpn-1 edge and
smartcenter integration, but I could not find any clear information on
how exactly a VPN-1 Edge or embedded NG device integrates into
SmartCenter.  What works, what doesn't work.  I've read about
limitations about using resources and groups with exclusions etc, but
this is not the case here.

I'm running HFA-15 on the SmartCenter and the IP40 is loaded with
IP40v200-FCS01a79.bin firmware.

Any insights are greatly appreciated.

Regards,

Werner
        
