Re: [FW-1] FreeS/WAN as a Linux "SecureClient"
>never tried to set up the secureclient piece... i didn't know that
>FreeS/WAN allowed you to use that CP feature. i'm not well versed in
>secureclient as it is. why can't you just use iptables as your firewall
>and FreeS/WAN as your VPN client? i thought secureclient allowed you to
>set up a FW-like policy for remote users on their own machines... kinda
>like a mini firewall? are you saying that there is a FreeS/WAN module
>that accomplishes this? interesting... i imagine you can just use
>iptables and be done with it.

Maybe I should clear this up a bit. Basically we want SC features (client side FW, VPN to Checkpoint FW). I don't think it actually supports CP features, other than the VPN characteristics.

What we are evaluating is requests for remote access by home users and traveling employees. Home users will entail mostly developers who are comfortable on unix, so they want to be able to get in via their unix workstations.

IPtables are fine, you just run into the same problem as with using SecuRemote by itself... you have to trust that the users will configure it correctly and keep it running. Basically meaning... don't trust them to.

I guess the one way to do this is to be very restrictive on the services we allow the encrypted VPN users to have over FreeS/WAN. You still run the risk of the end user using his VPN box as a gateway, getting hacked and having people come in over that SSH pipe.

We may just have to wait til SC for Linux/Solaris comes out.