We have 2 checkpoint locations, both running SPLAT NG AI R55.
One location has a cluster running HFA09 (with VPN using simplified
mode), the other has a stand alone gateway/management server running
HFA16 (with VPN using traditional mode). When the servers were built
I configured the management web interface to listen on port 8443, to
free up the HTTPS port for future VPN use.
At the location with the cluster we have configured VPN access via
the normal method, and via HTTPS, and I would like to do the same
with the stand alone gateway/management server, but I must admit that
I have forgotten how.
I think I need to perform the following, but would like confirmation
(or correction) as to whether this will achieve it, and whether it
will affect current VPN tunnels:
1) Edit the checkpoint gateway object and under the "Remote
Access" tab, check "support visitor mode", with the allocated port as HTTPS.
2) Select connection profiles from the "manage/remote access"
tab, and create 2 connections, one allowing visitor mode, and one not
allowing it (there are currently no profiles on this firewall).
The "connection profiles" configuration we have on the cluster is
different from what I have stated above, but it seems to work. The
visitor mode button is not checked on either of the 2 profiles, the
only difference being that "support office mode" is checked on the
HTTPS profile, even though "Office mode" is disabled under the cluster.
Will creating the connection profiles on this gateway/management
server break current VPN tunnels? Will there be any tunnel downtime
during configuration?
Will there be any benefit changing the gateway/management server's
VPN to simplified mode? If I do change it, will it break current VPN
tunnels (including the one between these two firewalls)?
Sorry for so many questions, but I wish to get it right, and try to
provide as much information as possible.
Thanks in advance.
Alan
Alan C. Choyna
Director of Infrastructure
Pathfinder Associates, LLC
http://www.pathfinderassoc.com
Internet Strategy Business Consultants
achoyna AT pathfinderassoc DOT com
Business telephone (312) 372-1058 ext 6003. Mobile (773) 255-6662