diff --git a/en_US.ISO8859-1/articles/checkpoint/article.sgml b/en_US.ISO8859-1/articles/checkpoint/article.sgml index efa1e2d4b3..ecd615d24a 100644 --- a/en_US.ISO8859-1/articles/checkpoint/article.sgml +++ b/en_US.ISO8859-1/articles/checkpoint/article.sgml @@ -93,7 +93,7 @@ FW-1 Protected Nets Internal Nets 199.208.192.0/24 192.168.10.0/24 - The FreeBSD gateway (GW serves as a firewall and + The FreeBSD gateway GW serves as a firewall and NAT device for internal nets. The FreeBSD kernel must be compiled to support IPSec. @@ -104,7 +104,7 @@ options IPSEC_ESP options IPSEC_DEBUG For instructions on building a custom kernel, refer to the - + FreeBSD handbook. Please note that IP protocol 50 (ESP) and UDP port 500 must be open between the Firewall-1 @@ -142,7 +142,7 @@ Authentication Method: (Do not use our example.) Support Aggressive Mode: Checked -Supports Subnets: Checked +Supports Subnets: Checked After setting the pre-shared secret in the Firewall-1 Network Object definition, place this secret in @@ -213,8 +213,8 @@ Use Perfect Forward Secrecy: Checked # IP addresses # # External Interface External Interface -# 208.229.100.6 216.218.197.2 -# | | +# 208.229.100.6 216.218.197.2 +# | | # +--> Firewall-1 <--> Internet <--> FreeBSD GW <--+ # | | # FW-1 Protected Nets Internal Nets @@ -304,7 +304,7 @@ END #certificate_type x509 "" ""; nonce_size 16; - lifetime time 10 min; # sec,min,hour + lifetime time 10 min; # sec,min,hour lifetime byte 5 MB; # B,KB,GB initial_contact on; support_mip6 on;