On Tue, 27 May 1997, Martin Khoo wrote:
> Traffic between the GUI client and the Mgmt. server is encrypted (it has
> nothing to do with whether it is a VPN or non-VPN version) using
> Checkpoint's encryption algo. called FWZ1 (if I remember correctly)
The GUI client and the Mgmt. server must be both of the same kind, meaning
that non-VPN GUI can only control non-VPN Mgmt. server and VPN GUI can
only control VPN Mgmt. server. Also the VPN versions must be both the same
(either both using FWZ1 or both using DES). So there are 3 different
possibilities and yes, it _has_ something to do whether it is a VPN or
non-VPN version. There are also similar things going on between the
Management Server and the Firewall Module.
I am not sure what happens if non-VPN GUI and non-VPN Management server
talk to each other. I am pretty sure, that in this case, where you have
not purchased the encryption module, the control traffic from and to the
FW-1 will _NOT_ be encrypted. Then again I might be mistaken here, may be
someone can correct me.
AS Stallion Ltd.