136 CHAPTER 9: CONFIGURING VIRTUAL PRIVATE NETWORK SERVICES
  f Select Gateway for the Type.
  g Leave the Firewall-1 Installed box unchecked.
  h Go to the Encryption Tab. Select the Other radio button and select the Group or Network the Firewall will be encrypting for.
  i Select the encryption method Manual IPSEC.
  j Press the OK button when finished.
5 Create the SPI key(s) needed to synchronize encryption algorithms.
  a From the Manage menu select the Keys option.
  b Press the New button and select SPI.
  c Give the SPI value a unique hexadecimal value.
  d Give the SPI key a comment (optional).
  e Check the ESP box and select DES as Encryption Algorithm.
  f Make sure that the AH box is unchecked (ignore any warning). The Authentication Algorithm field should be grayed out.
  g Enter an Encryption Key (must be 16 hexadecimal characters). The Authentication Key field should be grayed out.
  The Encryption Key and SPI Key number must match the settings on the remote Firewall for the VPN to work.
6 Now you must create a rule to allow the Check Point Firewall to exchange IPSEC packets with the remote Firewall.
  From the Edit menu, select Add Rule.
  This rule should be added below any Client VPN rules (for SecuRemote to work properly) and above the normal resource access rules. The rule should contain both firewall objects (Check Point Firewall-1 and Firewall), the services should be IPSEC group and it should be Accepted. Logging is optional and should be used to debug any problems.
7 Next you need to add a rule to allow the two networks/groups to send encrypted data to each other.
  This rule should follow right after the firewall IPSec packet exchange rule. The rule should contain both the local network/group with the remote network/group. You can limit the services that are allowed to traverse the VPN tunnel. The action for this rule should be “Encrypt.”
8 Right click the Encrypt action and select Edit Properties.
DUA1611-0AAA02.book Page 136 Thursday, August 2, 2001 4:01 PM
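An added example, not part of the manual: a Python pre-check for the manual-key values from step 5, comparing what was entered on each firewall without echoing the key. The dictionary field names and sample values are assumptions; the 0x100 SPI floor (RFC 4303) and the DES weak-key list are general IPsec/DES facts, not taken from this page.

```python
import hmac

# The four DES weak keys, compared with the per-byte parity bit masked off.
_WEAK = {bytes(b & 0xFE for b in bytes.fromhex(k)) for k in (
    "0101010101010101", "FEFEFEFEFEFEFEFE",
    "E0E0E0E0F1F1F1F1", "1F1F1F1F0E0E0E0E")}

def _hex(value, what):
    """Parse a hex string (optional 0x prefix); never echo the value itself."""
    text = value.strip().lower()
    text = text[2:] if text.startswith("0x") else text
    if not text or any(c not in "0123456789abcdef" for c in text):
        raise ValueError(f"{what} is not hexadecimal")
    return text

def check_side(name, cfg):
    """Validate one firewall's settings; return (problems, spi, key)."""
    problems, spi, key = [], None, None
    try:
        spi = int(_hex(cfg["spi"], "SPI"), 16)
        # RFC 4303: the SPI is 32 bits; 0 and 1-255 are reserved.
        if not 0x100 <= spi <= 0xFFFFFFFF:
            problems.append(f"{name}: SPI outside 0x100-0xFFFFFFFF")
    except ValueError as exc:
        problems.append(f"{name}: {exc}")
    try:
        text = _hex(cfg["esp_key"], "encryption key")
        if len(text) != 16:  # 16 hex characters = 64 bits, 56 effective for DES
            problems.append(f"{name}: encryption key has {len(text)} hex characters, need 16")
        else:
            key = bytes.fromhex(text)
            if bytes(b & 0xFE for b in key) in _WEAK:
                problems.append(f"{name}: encryption key is a DES weak key")
    except ValueError as exc:
        problems.append(f"{name}: {exc}")
    return problems, spi, key

def check_pair(local, remote):
    """Return all problems; an empty list means both ends agree."""
    lp, lspi, lkey = check_side("local", local)
    rp, rspi, rkey = check_side("remote", remote)
    problems = lp + rp
    if lspi is not None and rspi is not None and lspi != rspi:
        problems.append("SPI differs between local and remote")
    if lkey and rkey and not hmac.compare_digest(lkey, rkey):
        problems.append("encryption key differs between local and remote")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not from the manual.
    print(check_pair({"spi": "0x1a2b", "esp_key": "0123456789ABCDEF"},
                     {"spi": "1A2B", "esp_key": "0123456789abcdee"}))
```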
Contents of 3C16111 - SuperStack 3 Firewall Web Site Filter