
RE: [FW1] NATing the Management Server



I have done this. Once you set up NAT, you might have problems with the
PUTKEYS; I did. Check Point sent me these steps and it worked out great.

1. fwstop on the management
2. fwstop on the firewall
3. Delete the authkeys.C file on the firewall
4. Edit the control.map file on the FireWall module by copying the MASTERS
   line and pasting it above the existing MASTERS line. Change the word
   MASTERS to the invalid IP of the Management module.
5. Make sure that the $FWDIR/conf/masters file on the firewall holds
   the valid and invalid address of the management server
6. On the Manager: fw putkey <valid management IP> <firewall IP>
7. On the Manager again: fw putkey <invalid management IP> <firewall IP>
8. On the FireWall: fw putkey <firewall IP> <valid management IP>
9. On the FireWall again: fw putkey <firewall IP> <invalid management IP>
10. Create the loggers file in the $FWDIR/conf directory. Place the valid
    IP of the management in this file
11. fwstart the management
12. fwstart the firewall

-----Original Message-----
From: Byoung Sun Yu [mailto:[email protected]]
Sent: Monday, January 08, 2001 2:22 PM
To: 'David'; [email protected]
Subject: RE: [FW1] NATing the Management Server



You can use an unroutable address on the management server to control a remote FM.
However, setting that up is not that straightforward.
What you need to do is:
- Configure NAT for the management server and make sure a connection can be
established.
- In the masters file of the FM, put the valid IP address first AND in the next
line put the internal address as well. Alternatively, you can modify control.map
to copy and paste the MASTERS line and change the word MASTERS to the internal IP
address.
- Run putkey on both sides. Remember that you need to designate the internal IP
address when doing putkey on the FM.

Sounds complicated? But it should work.

Sun Yu, CISSP
Lucent Worldwide Services


> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]]On Behalf Of
> David
> Sent: Monday, January 08, 2001 12:13 PM
> To: [email protected]
> Subject: [FW1] NATing the Management Server
>
>
>
> I have an external FW module in a different office and
> I want it to report to a management server in another
> office. They have no logical connection other than the
> internet. I would assign the FM server a valid IP
> address as its master, then NAT it to my internal
> management server. I would assign the management
> server with an invalid IP address and register the
> license.  As long as I open the proper ports, would
> this be a problem? Or MUST I use a valid IP address on
> the Management Server?
>
> Look forward to hearing from someone! Thanks a lot!
>
> David
>
>
> ==============================================================
> ==================
>      To unsubscribe from this mailing list, please see the
> instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==============================================================
> ==================
>
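
An added example, not part of the original thread: a check of the module-side files that steps 4, 5 and 10 above edit, to run on the firewall before the putkey steps. The function names, the sample addresses and the placeholder text after the first field of each control.map line are assumptions; pass $FWDIR/conf as the first argument.

```shell
#!/bin/sh
# check_nat_mgmt CONF_DIR VALID_MGMT_IP INVALID_MGMT_IP   (hypothetical helper names)
# Returns the number of failed checks (0 means all files are consistent).

# has_ip FILE IP: true if the first field of some line is exactly IP,
# so 10.1.1.5 does not match 10.1.1.50.
has_ip() {
    [ -r "$1" ] && awk -v ip="$2" '($1 "") == (ip "") { f = 1 } END { exit !f }' "$1"
}

check_nat_mgmt() {
    conf=$1 valid=$2 invalid=$3 fails=0

    # Step 5: masters must list both addresses of the management server.
    for ip in "$valid" "$invalid"; do
        has_ip "$conf/masters" "$ip" || { echo "masters: missing $ip"; fails=$((fails + 1)); }
    done

    # Step 4: control.map needs a copy of the MASTERS line, with the word
    # MASTERS replaced by the invalid IP, placed above the original line.
    if [ -r "$conf/control.map" ]; then
        awk -v ip="$invalid" '
            substr($0, 1, length(ip)) == ip &&
                substr($0, length(ip) + 1, 1) !~ /[0-9.]/ && !ip_line { ip_line = NR }
            /^MASTERS/ && !m_line { m_line = NR }
            END { exit !(ip_line && m_line && ip_line < m_line) }
        ' "$conf/control.map" ||
            { echo "control.map: no $invalid line above MASTERS"; fails=$((fails + 1)); }
    else
        echo "control.map: not readable"; fails=$((fails + 1))
    fi

    # Step 10: loggers must hold the valid management address.
    has_ip "$conf/loggers" "$valid" || { echo "loggers: missing $valid"; fails=$((fails + 1)); }

    return "$fails"
}

# Constructed sample files; addresses and REST-OF-LINE are placeholders.
demo=$(mktemp -d)
printf '192.0.2.10\n10.1.1.5\n' > "$demo/masters"
printf '10.1.1.5: REST-OF-LINE\nMASTERS: REST-OF-LINE\n' > "$demo/control.map"
printf '192.0.2.10\n' > "$demo/loggers"
check_nat_mgmt "$demo" 192.0.2.10 10.1.1.5 && echo "module-side files look consistent"
rm -rf "$demo"
```
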






   All contents © 2004 Network Presence, LLC. All rights reserved.