Set the topology and the VPN encryption domain. We setup the basic settings for the firewall object and generate a Certificate Request. Now we have a certificate authority under subordinate CA List too:Īnd now comes the firewall setup. Next step is to import the subordinate CA: (You can generate one with openssl and put it on a http server):Īnd import the ca certificate for the root ca. We do not use CRL now, it can be disabled, but the client certificates should be checked on the CRL List in a live system. The root ca can be found now under the trusted CA list:īefore we import the certificate, we have to change here something. (Generate root ca and subordinate ca woth openssl is documented on other older posts) In this example I have a certificate chain with a root CA and one subordinate CA. Lets start to configure the wholse stuff. In this example I illustrate how to use an external CA for remote access VPN with Checkpoint R75 Client. For large enterprises or for companies with existing CA infrasturcture it is worth to use their certificates, because it gives much more flexibility. Checkpoint has a complete Certificate Authority infrastructure and I would use it for small and medium sized businesses where there is only some user for remote access.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |