Charles Stack on Thu, 27 Jan 2000 15:57:26 -0500 (EST)



RE: [PLUG] CheckPoint Firewall


Jason,

Do I need to make entries in /etc/protocols on both Win98 client and my
linux box?

If so, can you supply me with the correct entries?

cjs

-----Original Message-----
From: plug-admin@lists.nothinbut.net
[mailto:plug-admin@lists.nothinbut.net]On Behalf Of Jason Costomiris
Sent: Thursday, January 27, 2000 12:27 PM
To: plug@lists.nothinbut.net
Subject: Re: [PLUG] CheckPoint Firewall


On Thu, Jan 27, 2000 at 11:06:13AM -0500, Charles Stack wrote:
: Anybody ever heard of protocols 47 and 94 in relation to Checkpoint
: firewall's secure client product?  It has something to do with the transport
: layer, but nobody here or at Voicenet's NOC seemed to know what these are.

ip protocol 47 == GRE, used in PPTP and other encapsulation protocols.

ip protocol 94 == Check Point's FWZ encapsulation.

If you're using SecureClient, you're on FW-1 4.1.  I don't have any
customers using that (all are still on 4.0), and I've only got 4.1 running
in my lab of mad science.

Here's a checklist to make sure SecuRemote/SecureClient will work:

256/tcp must be permitted from the remote client to the
*management console*.  Most people believe (incorrectly) that you
communicate with the firewall module to get keys and site info.  You are
actually talking to the MC.

259/udp *both ways* between the firewall module and the remote client.
This is used to authenticate and negotiate FWZ session keys.

500/udp *both ways* between the firewall module and the remote client.
This is used when negotiating ISAKMP keys.

ip_p 94 *both ways* between the firewall module and the remote client.
This is for FWZ packet encapsulation (if you're using that)

ip_p 50 *both ways* between the firewall module and the remote client.
This is used by ISAKMP.

--
                 Jason Costomiris <><
            Technologist, cryptogeek, human.
jcostom {at} jasons {dot} org  |  http://www.jasons.org/

______________________________________________________________________
Philadelphia Linux Users Group       -       http://plug.nothinbut.net
Announcements - http://lists.nothinbut.net/mail/listinfo/plug-announce
General Discussion   -   http://lists.nothinbut.net/mail/listinfo/plug
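
The checklist in Jason's message, turned into an added example (not part of either post and not Check Point code): a short Python audit that expands the checklist into one-directional flows and reports which ones a permit list leaves out. The endpoint names `client`, `fw` and `mc`, the rule syntax and the sample rules are constructed for illustration.

```python
# Added example: audit a permit list against the checklist in the message above.
# Endpoint names (client, fw, mc) and the rule syntax are assumptions made here.

# (protocol, port or None, endpoint a, endpoint b, both ways?, purpose per the message)
CHECKLIST = [
    ("tcp", 256, "client", "mc", False, "keys and site info from the management console"),
    ("udp", 259, "client", "fw", True, "authenticate and negotiate FWZ session keys"),
    ("udp", 500, "client", "fw", True, "ISAKMP key negotiation"),
    ("ip94", None, "client", "fw", True, "FWZ packet encapsulation"),
    ("ip50", None, "client", "fw", True, "ip_p 50, listed for ISAKMP"),
]

def required_flows():
    """Expand the checklist into one-directional (proto, port, src, dst) flows."""
    flows = []
    for proto, port, a, b, both_ways, why in CHECKLIST:
        flows.append(((proto, port, a, b), why))
        if both_ways:
            flows.append(((proto, port, b, a), why))
    return flows

def parse_rules(text):
    """Parse lines like 'permit udp 259 client fw'; port is '-' for bare IP protocols."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) != 5 or fields[0] != "permit":
            continue
        _, proto, port, src, dst = fields
        rules.append((proto, None if port == "-" else int(port), src, dst))
    return rules

def permitted(flow, rules):
    """A flow is permitted if some rule matches it exactly or through 'any'."""
    proto, port, src, dst = flow
    return any(r[0] == proto and r[1] == port and r[2] in (src, "any")
               and r[3] in (dst, "any") for r in rules)

def missing(rules):
    """Return the checklist flows that no rule permits, in checklist order."""
    return [(flow, why) for flow, why in required_flows() if not permitted(flow, rules)]

# Constructed sample permit list, not taken from any real firewall.
SAMPLE = """\
permit tcp 256 client fw     # sent to the firewall module, not the MC
permit udp 259 client fw     # one direction only
permit udp 500 any any
permit ip94 - client fw
permit ip94 - fw client
"""

if __name__ == "__main__":
    for (proto, port, src, dst), why in missing(parse_rules(SAMPLE)):
        print(f"missing: {proto}{'/' + str(port) if port else ''} {src} -> {dst} ({why})")
```

The sample reproduces the mistake the message calls out (256/tcp opened to the firewall module rather than the management console) along with a one-way 259/udp rule, so both show up in the report.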

