RE: [FW1] SecureRemote and Rulebases
Thanks Tom,

So my understanding is that it will work fine but you have to open up the SecureRemote connections to all ports on the exchange server. I guess this is not the greatest problem but does anyone think there are issues, better still is there a way of doing this without opening everything up (short of the registry changes on the Exchange box).

Also, so I am clear. When the NetBIOS RPC port mapper requests a new port to be opened between Outlook and Exchange, is this connection from the client to the server or the other way round?

Anybody with any experience with this??

Thanks

Russell Goodwin

-----Original Message-----
From: Reynolds, Tom [mailto:[email protected]]
Sent: 25 October 2000 20:42
To: 'Goodwin, Russell'; '[email protected]'
Subject: RE: [FW1] SecureRemote and Rulebases

If you set up your Secure Remote correctly, you might find that getting OUTLOOK to talk to Exchange might be one of the easiest things you'll need to do. We had no issues with Outlook Connectivity. We use an Lmhosts file for name resolution, and as I look at the FW logs, I see port 135, 1046, and 1081 connectivity, all being decrypted properly.

We have a separate rule for VPN traffic, vpnusers@any - EncryptionNetworks - Any - ClientEncrypt. We also created a separate pool of addresses for SecureRemote clients coming from the Internet to be NATed to. As long as the server you need access to is in the EncryptedNetworks object, you'll be fine.

Tom Reynolds, MCSE, CCNA
_________________________
Pilgrim Baxter and Associates
Network Security and Engineering
825 Duportail Rd.
Wayne, Pennsylvania
[email protected]

-----Original Message-----
From: Goodwin, Russell [mailto:[email protected]]
Sent: Wednesday, October 25, 2000 10:59 AM
To: '[email protected]'
Subject: [FW1] SecureRemote and Rulebases

Hello everyone!

Please excuse me as my experience with SecureRemote is limited. I would like to know how the rulebase interacts with SecureRemote users.

The reason I ask is because a SecureRemote user wants to access a MS Exchange box on the network I have from the Outlook client. I understand that the way MS's RPC port-mapper works for Outlook is not supported by FW-1. I need to know if this will be an issue for SecureRemote users or not. I know a change can be hacked into the Exchange box to fix the ports that are used down, I would like to know if I really have to do this.

Summing up, are SecureRemote users using SecureID subject to the same rules as other traffic arriving on the external interface? Does anyone know of a way to make FW-1 support the RPC port mapper on exchange, the initial request comes in on TCP135 and then 2 random ports are mapped back to the client. I understand that this is different from the Unix RPC support in the Properties menu.

I suspect NO, I am more than happy to be corrected.

Any help would be greatly appreciated.

Russell Goodwin

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
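
The trade-off discussed in this thread, as an added example that is not part of the original messages and is not FW-1 code or syntax: a simplified first-match rule model showing why a rule limited to TCP 135 drops the follow-up RPC connections, while the "Any" service rule or a rule listing pinned ports accepts them. It assumes the ports in Tom's logs (1046, 1081) are destination ports on the Exchange server, as is usual for MS RPC clients after they query the endpoint mapper; the addresses and the pinned ports 5000 and 5001 are constructed values.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed addresses (documentation ranges); not taken from the thread.
EXCHANGE = "192.0.2.10"
NAT_POOL_CLIENT = "198.51.100.25"

@dataclass(frozen=True)
class Rule:
    name: str
    dst: str                     # destination host the rule covers
    ports: Optional[frozenset]   # None models service "Any"
    action: str

@dataclass(frozen=True)
class Conn:
    src: str
    dst: str
    dport: int

def evaluate(rulebase, conn):
    """First matching rule wins; unmatched traffic hits the implicit drop."""
    for rule in rulebase:
        if conn.dst == rule.dst and (rule.ports is None or conn.dport in rule.ports):
            return rule.action
    return "drop"

def decisions(rulebase, conns):
    """Map each destination port to the action the rulebase takes on it."""
    return {c.dport: evaluate(rulebase, c) for c in conns}

# Ports reported in the FW logs: 135 (endpoint mapper) plus two dynamic ports.
OBSERVED = [Conn(NAT_POOL_CLIENT, EXCHANGE, p) for p in (135, 1046, 1081)]

BROAD = [Rule("vpn-any", EXCHANGE, None, "ClientEncrypt")]
MAPPER_ONLY = [Rule("vpn-135", EXCHANGE, frozenset({135}), "ClientEncrypt")]
# Hypothetical fixed ports, as if Exchange had been pinned by the registry change.
PINNED_PORTS = frozenset({135, 5000, 5001})
PINNED = [Rule("vpn-pinned", EXCHANGE, PINNED_PORTS, "ClientEncrypt")]

if __name__ == "__main__":
    for label, rulebase in (("any service", BROAD), ("135 only", MAPPER_ONLY)):
        print(label, decisions(rulebase, OBSERVED))
    pinned_conns = [Conn(NAT_POOL_CLIENT, EXCHANGE, p) for p in sorted(PINNED_PORTS)]
    print("pinned ports", decisions(PINNED, pinned_conns))
```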