The Best Damn Firewall Book Period

2017-07-07 02:10:07

The SecuRemote client software must be installed on all the users' workstations or laptops to whom you as an administrator would like to give mobile access to your VPN domain. SecuRemote presently supports Windows 2000, NT, 98, and ME, and typically requires 32 to 64MB of RAM and about 6MB of disk space to install. It cannot be installed alongside Firewall-1. (As of this writing, SecuRemote version 4.1 SP5 for Windows 2000 can be installed on Windows XP. SecuRemote NG FP1 has a native Windows XP version.) There is also a Macintosh version that supports OS 8 and OS 9.

The client software works by inserting a driver between the client's physical network interface and the TCP/IP stack, in the operating system kernel. This kernel module monitors outbound TCP/IP traffic, and intercepts any packet destined for a VPN domain (from topology downloaded during site creation or update). The packet is then handed off to a user-space daemon, which handles user authentication and key exchange with the SecuRemote server, as well as encryption, should authentication succeed.

Installation is handled by a fairly straightforward graphical setup program; however, there are some points worth noting:

You only need to install Desktop Security Support if you are using Secure Client (see Figure 16.17).

Figure 16.17: SecuRemote Desktop Security Prompt During Installation

If you do not install Desktop Security, you will be asked on which adapters to bind the SecuRemote kernel module (see Figure 16.18). You can choose from Install on all network adapters, (which would include Ethernet and dial-up adapters) or Install on dialup adapters only. The latter would be appropriate for remote users with a dial-up ISP who would never use their Ethernet interface to access the VPN domain from the outside. Mobile salespeople often fall into this category; they use dial-up access when on the road, and Ethernet to plug into the LAN when they are in the office.

Figure 16.18: SecuRemote Adapter Configuration Screen During Installation

You can install over an older version of SecuRemote. You will be asked if you want to update the previous version, (which saves site and password information), or if you would like to overwrite the existing version.

Although the client software is available for free download, a license is still required to use SecuRemote with Check Point NG.

Категории