Security

last person joined: 16 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

RAP2-WG across WAN through a checkpoint firewall.

This thread has been viewed 0 times

  • 1.  RAP2-WG across WAN through a checkpoint firewall.

    Posted Sep 11, 2012 12:11 PM

    Hi,

     

    The setup is master-standby, they share a vrrp-address. There are about 4 local controllers. No PEF or PEFNG license. 

     

    we have a RAP-2WG connecting from the internet via a checkpoint firewall. 

     

    The RAP comes up fine, if the RAP is in the internal network, in the same vlan as the controllers are in.. 

     

    When its on the internet, the IPSEC SA is formed, ISAKMP SA is also getting formed. We see the RAP up on the controller for about 1:30 minutes & goes down forever. 

     

    Is it mandatory to have a PEFNG license in order to bring up an RAP-2WG?



  • 2.  RE: RAP2-WG across WAN through a checkpoint firewall.

    EMPLOYEE
    Posted Sep 12, 2012 07:35 AM

    Hopefully, you don't have the static NAT pointing to the VRRP address, because having a NAT pointint to a VRRP does not work with firewalls.