326 Check Point VPN-1/FireWall-1 on AIX: A Cookbook for Stand-Alone and High Availability Solutions
5.4 SecuRemote client configuration
To use SecuRemote for encrypting traffic to our Encryption Domain, we need
to define a site. To bring up the SecuRemote panel, go to the Window Start
menu, select Programs > SecuRemote. This should start the SecuRemote
daemon; to view the site’s panel, you will need to double-click the
SecuRemote icon on the Task Bar.
You now need to select Sites > Make New. The name for the site is the name
of the VPN-1/Firewall-1 module where the Encryption Domain is defined. You
now need to add in the name of the site and its IP address; we used cpfw for
the name and 220.127.116.11 (the external cluster address) for the IP address.
Click OK; this should fetch data from the site.
If the site definition is successful, you will be reminded to verify that the
information in the site panel is correct. This is to confirm that you have indeed
communicated with the site and not with an imposter. For FWZ, which is what
we used, the IP address and Key ID should be verified, then click OK.Atthis
point, you should see the new site icon, as shown in Figure 129.
Figure 129. VPN-1/Firewall-1 SecuRemote panel
Chapter 5. Implementing High Availability with VPNs 327
You should now be able to test an encrypted session. In our rules, we allowed
for encrypted Telnet and FTP sessions to go to the Web server, so this is
what we tested. When we attempted a telnet, we got an authentication panel
like Figure 130. We filled in our User name and password, as was defined on
the VPN-1/Firewall-1 Module, and then clicked OK.
Figure 130. SecuRemote User Authentication panel
If everything was configured correctly, you should see a panel similar to
Figure 131 on page 328, which shows that the authentication was successful.
We were then able to login successfully.
328 Check Point VPN-1/FireWall-1 on AIX: A Cookbook for Stand-Alone and High Availability Solutions
Figure 131. SecuRemote successful User Authentication