Firewall-1
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [FW-1] PPTP/HIDE NAT

from chkp tech [Permanent Link]
Subject: Re: [FW-1] PPTP/HIDE NAT
From: chkp tech <chkptech AT GMAIL DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Mon, 10 Jul 2006 09:49:58 -0500 
Greetings,

Sascha, in order to allow PPTP to a Windows Server, you'll want to be at
least HFA_13 (10 officially, I'd recommend at least 13) on R55 and R60 will
allow PPTP traffic without an HFA.  Of course with R55, you'll want to read
the release notes to enforce PPTP.  There are several steps and you'll need
to follow them exactly to allow the traffic.  With R60, you'll need to go
into SmartDefense and click the check box for "VPN Protocols" and then PPTP
Enforcement.

As far as the fwkern.conf file is concerned, you may place any kernel
parameter in the file to be executed upon startup of the Check Point
services.




On 7/6/06, Sascha Picchiantano <sascha AT picchiantano DOT de> wrote:


Hi there again Betrand,


>> - add the line fw_pptp_enforce_protocol=1  in the
>> $FWDIR/modules/fwkern.conf file
>> - declare the pptp_tcp service with type PPTP_TCP

are you sure about the last step? My Checkpoint here does not have a
protocol type of PPTP_TCP in the service parameters.

Thanks
Sascha

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================



=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [FW-1] Checkpoint rule base conversion into html page, Tauseef Khan
Next by Date:  [FW-1] Routing between two EXTERNAL interfaces, cisco4ng
Previous by Thread:  Re: [FW-1] PPTP/HIDE NAT, Sascha Picchiantano
Next by Thread:  [FW-1] Réf. : Re: [FW-1] PPTP/HIDE NAT, Bertrand KLOTZ
Indexes:  [Date] [Thread] [Top] [All Lists]