Download Configuring the - Check Point Software Technologies, Ltd.

A connection that matches an Encrypt rule is encrypted (or decrypted) and forwarded by the gateways enforcing the policy. There are two exceptions:

1. If the source or the destination is behind the security gateway but is not in the VPN Domain of the gateway, the connection is dropped.
   For example, referring to Figure B-1 and Table B-1, if Source X is in Net_C and Destination Y is in Net_D, gateway 1 drops the connection. This is because the Action says Encrypt, but the connection cannot be encrypted because the source is not in the Encryption Domain of gateway 1.
2. If the source and destination are both inside the Encryption Domain of the same gateway, the connection is accepted in the clear.
   For example, referring to Figure B-1 and Table B-1, if Source X is in Net_A and Destination Y is in Net_B, the connection originates at X and reaches the gateway, which forwards the response back to Y. The connection is not encrypted because there is no peer gateway for Y that could decrypt the connection. A SmartView Tracker log is issued: “Both endpoint are in the Encryption Domain”.
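The decision described above, modelled as a small function for checking a rule base against a topology before installing policy. This is an added example, not Check Point code: the subnets, the peer network Net_E, and the names net_of and encrypt_rule_outcome are assumptions, since Figure B-1 and Table B-1 are not reproduced here.

```python
import ipaddress

# Constructed topology: every subnet below, and the peer network Net_E,
# is an assumption made for this example.
NETS = {
    "Net_A": "10.1.1.0/24",
    "Net_B": "10.1.2.0/24",
    "Net_C": "10.1.3.0/24",
    "Net_D": "10.1.4.0/24",
    "Net_E": "10.2.1.0/24",  # hypothetical network in a peer gateway's domain
}
# Gateway 1 as the text describes it: Net_A..Net_D sit behind it,
# but only Net_A and Net_B are in its Encryption (VPN) Domain.
GW1_BEHIND = {"Net_A", "Net_B", "Net_C", "Net_D"}
GW1_DOMAIN = {"Net_A", "Net_B"}


def net_of(ip):
    """Return the name of the constructed network containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in NETS.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return None


def encrypt_rule_outcome(src_ip, dst_ip, behind=GW1_BEHIND, domain=GW1_DOMAIN):
    """Outcome at one gateway for a connection that already matched an Encrypt rule."""
    src, dst = net_of(src_ip), net_of(dst_ip)
    # Exception 1: an endpoint is behind the gateway but outside its domain.
    for end in (src, dst):
        if end in behind and end not in domain:
            return "drop"
    # Exception 2: both endpoints are inside this gateway's own domain.
    if src in domain and dst in domain:
        return "accept-clear"  # logged: "Both endpoint are in the Encryption Domain"
    # Normal case: exactly one endpoint is local; the other is assumed to be
    # reachable through a peer gateway that can decrypt.
    if (src in domain) != (dst in domain):
        return "encrypt"
    raise ValueError("neither endpoint is in this gateway's domain")
```

A "drop" or "accept-clear" result for traffic that was meant to be tunnelled points to a VPN Domain definition that does not match the networks actually behind the gateway.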
Appendix B