[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] work/home laptop and SecuRemote client
Robert, SecureRemote, when setup properly, will function very well and never needs to be killed. Is your encryption domain setup correctly? This should encompass the networks inside of your private network. This way, when SecureRemote detects that you have local connectivity, it will just ignore all requests and allow traffic to pass as local traffic. When SecureRemote detects traffic bound for your encryption domain and it does not have a local connection, SR will spring to life. A problem that occur often is, the system in question has an IP address in the encryption domain while remote. If this happens then SR will think it's still local. Do you have different setups for these users at home vs work or are these machines equipped with a docking station at work and a PCMCIA at home? Robert - - Robert P. MacDonald, Network Engineer Team Lead, e-Business Infrastructure G o r d o n F o o d S e r v i c e Voice:email: [email protected] >>> Robert Carr <[email protected]> 12/18/00 2:12:40 AM >>> > >SecuRemote assumes the machine on which it is >installed is always "remote": whether at home, or on >the road. What happens if you have a laptop which >serves both as your home machine and your at-work >machine? > >I have several users who use only (NT 4) laptops in >the office and expect to carry them back and forth >between work. Unfortunately, whenever the users are >in the office, as soon as they start up their laptop, >SecuRemote unnecessarily creates a VPN over the >internal network out to the firewall's external >interface (and then back into the network. > >If only a few users do this, it's merely annoying and >inefficient but I wonder if hundreds of my users all >came into the office with SecuRemote on their laptops >and booted up if it wouldn't bring FW-1 to its knees. >If SecuRemote bothered to check the >currently-configured IP to see if it was within an >encryption domain, it could decide whether a VPN was >necessary. > >I could ask users to manually kill SecuRemote when >they're in the office but most probably wouldn't. >Similarly, some of these users have static IPs at home >(while having DHCP at work). Since we've taken >administrative privileges away from them, they can't >change their Network settings (and even if they could, >most would find doing so too inconvenient). > >These two problems have kept me from rolling out >SecuRemote to those users. Has anyone worked out a >less-than-kludgy solution for this? Something that >works even with untrainable users? Something akin to >Apple's Location Manager -- which lets users select >whether they're at home, at work, or wherever, and >network settings are then configured accordingly ― >would solve one of my problems. > >Any suggestions would be appreciated. ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|