RE: [FW1] Encryption levels and communication between mgmt and firewall modules
Steve,

First off, I didn't really answer your question in the first post, so I hope you don't mind that I cc'd the list with my response to your private post. I/you may get real answers that I fudged through. I placed both posts at the bottom. If you do mind, then would everyone please delete this message without reading it - thanks :)

( '#' refer to private post questions below)

The encryption is whatever the $FWDIR/lib/control.map says it is (negotiated I think). This can also be set to none. The licensed encryption level does not change that. But to answer your question #2, they would have to be the same, and be specified in the $FWDIR/lib/control.map on both. fwa1 is CP? version of encryption and to my knowledge, has not been broken by anyone yet (Dug may dispute this), so I'd leave it alone for now.

I'm not positive about the answer to #1, but my feeling is no, the fw can't be 3des, without the mgt station being at the same level. With communications in fw1, the management station plays a big role. If this is so, then your reseller should be kicked in the chops for selling it to you. Mine is 3des all around, which is why I don't know. If this is not true, then I'm sure someone on this list will kick me in the chops.

As for #3, technically you are just communicating between the two systems that has an encrypted payload...but then again it depends on who you talk to.

I'm not quite sure what you mean in #4, but there are options for 3des for the objects you create which also depends on your licensing for availability.

What does your testing show you? I would be interested in your results to some of the 'I'm not sure answers above'.

If you've followed this thread to here - you win. And please email, because I didn't ;)

Robert

- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n F o o d S e r v i c e
Voice:
email: [email protected]

>>> "Cantwell, Steve" <[email protected]> 9/29/00 12:29:54 PM >>>

Here is the first original message.
>Hello Experts:
>
>Can someone please tell me what type of encryption is used between the Mgmt
>Module and Firewall module.
>
>For instance, when pushing a policy down to a firewall, is the policy being
>encrypted? If so, how do you determine what type of encryption would be
>used? I do not see a setting to determine this.
>
>Issue comes that if your management module has a DES key, but your firewall
>module is licensed for 3DES. Can you enable 3DES on your firewall module?
>In the GUI, which connects to your Mgmt module, will you see any 3DES
>options for your encryption types?

Here is the private post.

>I have modified my question to the following:
>
>If your management module has a DES key, but your firewall module is
>licensed for 3DES. Can you enable 3DES on your firewall module? Do
>communications between your mgmt module and firewall module get encrypted
>using 3DES? I do not think we are setting up a VPN between the mgmt module
>and firewall module, are we?
>
>In the GUI, which connects to your Mgmt module, will you see any 3DES
>options for your encryption types?
>
>Steve Cantwell