I am planning to install 4.1 in distributed mode in our lab. there will be 4 machines. 2 fw/vpn server modules and 2 managment modules. Before i start i would like to tap the rich experience here and ask some questions.
1. which module should i install first, the fw/vpn server or the managment server? which is easier or works better?
2. The checkpoint admin guide says to make sure the host name of the fw/vpn module resolves to the external interface of that host. If for example my fw/vpn server host name is gateway1 and i have that resolving to the ex. interface how can the managment server see the fw server when i try to add the network object gateway1 or do the put keys to gateway1? The checkpoint guide is very unclear on this and many other issues. I was wanting the external int. to resolve to my domain name like, gateway1.test.com.
I plan on setting up the vpn server as well so the external interface would need to resolve to vpn.test.com
3. What is the secure server option? Checkpoint shows it as an option during module installation but gives no clues as to what it really does or how it differs from the mngmt/module or fw/vpn module. I need vpn for the test as i will have some road warriors using the secure remote client. Will my fw/vpn gateway also function as the vpn server or does this require another machine running the secure server?
thanks in advance for all help,
1. which module should i install first, the fw/vpn server or the managment server? which is easier or works better?
2. The checkpoint admin guide says to make sure the host name of the fw/vpn module resolves to the external interface of that host. If for example my fw/vpn server host name is gateway1 and i have that resolving to the ex. interface how can the managment server see the fw server when i try to add the network object gateway1 or do the put keys to gateway1? The checkpoint guide is very unclear on this and many other issues. I was wanting the external int. to resolve to my domain name like, gateway1.test.com.
I plan on setting up the vpn server as well so the external interface would need to resolve to vpn.test.com
3. What is the secure server option? Checkpoint shows it as an option during module installation but gives no clues as to what it really does or how it differs from the mngmt/module or fw/vpn module. I need vpn for the test as i will have some road warriors using the secure remote client. Will my fw/vpn gateway also function as the vpn server or does this require another machine running the secure server?
thanks in advance for all help,