From: Tom E. <te...@sh...> - 2003-03-23 14:42:10
On Sun, 23 Mar 2003, Matt Perry wrote:

> > 2.4 What is FWZ?
> >
> > FWZ is a proprietary encryption protocol developed by Check Point Software
> > Technologies. It is used in VPNs that are built around their Firewall-1
> > product.
> >
> > A Checkpoint-based firewall can be configured in several modes. The "FWZ
> > Encapsulation" mode cannot be masqueraded. The "IKE" mode, which uses
> > standard IPsec protocols, can be masqueraded with minor configuration
> > changes on the VPN gateway.
>
> Yes, I have read this. I was not clear on the part of statement
> saying "minor configuration changes on the VPN gateway".
>
> 1.
> If IKE mode is used does this imply one will always need
> these changes made on the VPN gateway if one is using SNAT
> on the individual's home network?
>
> 2.
> Can I assume that the "VPN gateway" in this sentence is the
> box running the corporate FW-1 Checkpoint firewall in my
> particular case?
>
> 3.
> Do I need to ask Corporate if ESP with NAT traversal is
> enabled on the FW-1 Checkpoint firewall? In other words,
> is that the "minor configuration" I need to have them make
> in order to get things working (or at least one of them)?
>
> It appears from your quote of the VPN Masq HOWTO I made
> the erroneous assumption that since I was able to use IKE
> successfully without a firewall on my side that ESP with
> NAT traversal had been enabled on Corporate's firewall.
> Said another way, success with IKE used and no firewall
> on my end does not imply this configuration change on the
> FW-1 firewall.
>

Hope someone else can answer your questions -- I know nothing more about
FW-1's than what I've read on the site I'm quoting.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.sf.net
Washington USA  \ te...@sh...