136 CHAPTER 9: CONFIGURING VIRTUAL PRIVATE NETWORK SERVICES
   f  Select Gateway for the Type.
   g  Leave the Firewall-1 Installed box unchecked.
   h  Go to the Encryption Tab. Select the Other radio button and select the Group or Network the Firewall will be encrypting for.
   i  Select the encryption method Manual IPSEC.
   j  Press the OK button when finished.
5  Create the SPI key(s) needed to synchronize encryption algorithms.
   a  From the Manage menu select the Keys option.
   b  Press the New button and select SPI.
   c  Give the SPI value a unique hexadecimal value.
   d  Give the SPI key a comment (optional).
   e  Check the ESP box and select DES as Encryption Algorithm.
   f  Make sure that the AH box is unchecked (ignore any warning). Authentication Algorithm field should be grayed out.
   g  Enter an Encryption Key (must be 16 hexadecimal characters). Authentication Key field should be grayed out.

   The Encryption Key and SPI Key number must match the settings on the remote Firewall for the VPN to work.
6  Now you must create a rule to allow the Check Point Firewall to exchange IPSEC packets with the remote Firewall.

   From the Edit menu, select Add Rule.

   This rule should be added below any Client VPN rules (for SecuRemote to work properly) and above the normal resource access rules. The rule should contain both firewall objects (Check Point Firewall-1 and Firewall), the services should be IPSEC group and it should be Accepted. Logging is optional and should be used to debug any problems.
7  Next you need to add a rule to allow the two networks/groups to send encrypted data to each other.

   This rule should follow right after the firewall IPSec packet exchange rule. The rule should contain both the local network/group with the remote network/group. You can limit the services that are allowed to traverse the VPN tunnel. The action for this rule should be “Encrypt.”
8  Right click the Encrypt action and select Edit Properties.
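An added example, not part of the 3Com manual: with Manual IPSEC there is no key exchange, so the SPI and the 16-character DES key typed in step 5 are the only keying material, and a Python check like the one below can be run on both firewalls' values before they are entered. The function names, the 0x100 SPI floor (SPI values 0-255 are reserved in the IPsec RFCs) and the distinct-digit heuristic are assumptions of this example.

```python
import secrets

# Published DES weak and semi-weak keys (odd-parity form).
WEAK = """0101010101010101 FEFEFEFEFEFEFEFE E0E0E0E0F1F1F1F1 1F1F1F1F0E0E0E0E
011F011F010E010E 1F011F010E010E01 01E001E001F101F1 E001E001F101F101
01FE01FE01FE01FE FE01FE01FE01FE01 1FE01FE00EF10EF1 E01FE01FF10EF10E
1FFE1FFE0EFE0EFE FE1FFE1FFE0EFE0E E0FEE0FEF1FEF1FE FEE0FEE0FEF1FEF1""".split()

def _strip_parity(key_hex):
    # DES ignores the low (parity) bit of every key byte, so compare without it.
    return bytes(b & 0xFE for b in bytes.fromhex(key_hex))
WEAK_STRIPPED = {_strip_parity(k) for k in WEAK}

def _spi(spi_hex):
    try:
        return int(spi_hex, 16)
    except ValueError:
        return None

def check_spi_entry(spi_hex, key_hex):
    """Return a list of problems with one firewall's SPI / DES key entry."""
    problems, spi = [], _spi(spi_hex)
    if spi is None:
        problems.append("SPI is not hexadecimal")
    elif not 0x100 <= spi <= 0xFFFFFFFF:
        problems.append("SPI outside 0x100-0xFFFFFFFF (0-255 are reserved)")
    if len(key_hex) != 16 or set(key_hex) - set("0123456789abcdefABCDEF"):
        return problems + ["encryption key must be exactly 16 hexadecimal characters"]
    if _strip_parity(key_hex) in WEAK_STRIPPED:
        problems.append("encryption key is a DES weak or semi-weak key")
    if len(set(key_hex.lower())) < 6:
        problems.append("encryption key has very few distinct digits")
    return problems

def check_pair(local, remote):
    """local and remote are (spi_hex, key_hex) as typed on each firewall."""
    problems = check_spi_entry(*local)
    if _spi(local[0]) != _spi(remote[0]):
        problems.append("SPI differs between the two firewalls")
    if local[1].lower() != remote[1].lower():
        problems.append("encryption key differs between the two firewalls")
    return problems

def new_des_key_hex():
    # 8 bytes from the OS CSPRNG give 16 hex characters; retry if a check fails.
    while True:
        key = secrets.token_hex(8).upper()
        if not check_spi_entry("100", key):
            return key
```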
DUA1611-0AAA02.book Page 136 Thursday, August 2, 2001 4:01 PM