Systems:
Nokia box running CP management/FireWall-1 (4.1)
NT 4 Server running Check Point FireWall-1/management (4.1)
Did the following:
At each location, defined network objects on their respective sides & created a group object & dumped the network objects in there.
Same was done on the side that has a temporary NT 4 Check Point firewall.
Configured the main site's local firewall object with the group created as its encryption domain (this is the group that has the networks behind this firewall).
Did the same on the NT 4 Check Point side.
This is where it gets a bit confusing (following a book here): on each site, created the opposite FW workstation object locally & defined their encryption domain as the one used by the local FW (the local FW's encryption domain).
Then went into the IKE properties and configured the pre-shared secret.
When creating the actual rules for communication, it seems that I have to define both sites' groups (that hold the respective encryption domains) on each FW so that I can then create a rule to allow actual communication.
Thanks for any help or information.