Hi,
SecuRemote needs to connect to the CA server only when creating a new user
(certificate) or recovering it. If the user already has the certificate, he
doesn't need to talk to LDAP at all.
So you have a couple of choices:
1. Users will create their certificates while sitting in a place where they
don't need to use SR.
2. Create certificates by yourself for your users (sic!)
3. The user can first establish an encrypted tunnel using SR + IKE preshared
secret or FWZ password and then create the certificate. In this case you
should allow those ports via Client encrypt.
4. Open those ports - without "client encrypt" of course.
All of my previous solutions are true (IMHO) for CM 1.0. I haven't seen CM
4.1 yet...
-----------------------------------------------------------------
Eli Tovbeyn eli@xpert.com
Senior Consultant +972-9-9522378
Xpert Trusted Systems +972-5-3574884
> -----Original Message-----
> From: owner-fw-1-mailinglist@lists.us.checkpoint.com
> [mailto:owner-fw-1-mailinglist@lists.us.checkpoint.com]On Behalf Of
> michael slavinsky
> Sent: Thursday, September 30, 1999 4:43 PM
> To: fw-1-mailinglist@lists.us.checkpoint.com
> Subject: [FW1] Certificate Manager question???
>
>
>
> I am trying to get the Certificate Manager 4.1 product working and was
> wondering if anyone has experience with the following...
> My CA/LDAP server are on the same box (NT), the management server is
> separate and the pfm is the secureremote server. Question???
> The documentation states to open up TCP ports 709, 710, 389 between your
> secureremote clients and the CA/LDAP server. Can I open up these ports in
> the client encrypt rule or do I have to create a rule prior to the client
> encrypt rule and allow "any" source to access the CA/LDAP server on these
> ports? Are there any vulnerabilities with opening up these ports, i.e.
> compromising the CA??? Any help is appreciated. Mike
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
>