[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] work/home laptop and SecuRemote client
Hi, I've noticed somewhat the same behavior as Robert Carr. I have multiple encryption domains behind multiple firewalls. I also have a laptop I use at home, and in the office. When I'm at home everything works fine. When I'm in the office and accessing devices in the same encryption domain SecuRemote does not pop up, etc. However; when I try to access a device in another encryption domain SecuRemote does pop up even though I have access to the device though frame relay, no firewall involved. I the kill SecuRemote and keep working. If you want something for your users that might be easier, there is a registry hack to keep SR from starting at boot. Sorry I don't know it off hand, but it does exist. Then you could put an icon for Sr on the desktop, and let them start it only when needed. Not much better then having to kill SR, but ... HTH, Pete Goodridge --- Robert MacDonald <[email protected]> wrote: > > Robert, > > SecureRemote, when setup properly, will function > very > well and never needs to be killed. Is your > encryption domain > setup correctly? This should encompass the networks > inside > of your private network. This way, when SecureRemote > detects that you have local connectivity, it will > just ignore > all requests and allow traffic to pass as local > traffic. > > When SecureRemote detects traffic bound for your > encryption > domain and it does not have a local connection, SR > will > spring to life. > > A problem that occur often is, the system in > question has an > IP address in the encryption domain while remote. If > this happens > then SR will think it's still local. > > Do you have different setups for these users at home > vs work or > are these machines equipped with a docking station > at work > and a PCMCIA at home? > > Robert > > - - > Robert P. MacDonald, Network Engineer > Team Lead, e-Business Infrastructure > G o r d o n F o o d S e r v i c e > Voice:email: [email protected] > > >>> Robert Carr <[email protected]> 12/18/00 > 2:12:40 AM >>> > > > >SecuRemote assumes the machine on which it is > >installed is always "remote": whether at home, or > on > >the road. What happens if you have a laptop which > >serves both as your home machine and your at-work > >machine? > > > >I have several users who use only (NT 4) laptops in > >the office and expect to carry them back and forth > >between work. Unfortunately, whenever the users > are > >in the office, as soon as they start up their > laptop, > >SecuRemote unnecessarily creates a VPN over the > >internal network out to the firewall's external > >interface (and then back into the network. > > > >If only a few users do this, it's merely annoying > and > >inefficient but I wonder if hundreds of my users > all > >came into the office with SecuRemote on their > laptops > >and booted up if it wouldn't bring FW-1 to its > knees. > >If SecuRemote bothered to check the > >currently-configured IP to see if it was within an > >encryption domain, it could decide whether a VPN > was > >necessary. > > > >I could ask users to manually kill SecuRemote when > >they're in the office but most probably wouldn't. > >Similarly, some of these users have static IPs at > home > >(while having DHCP at work). Since we've taken > >administrative privileges away from them, they > can't > >change their Network settings (and even if they > could, > >most would find doing so too inconvenient). > > > >These two problems have kept me from rolling out > >SecuRemote to those users. Has anyone worked out a > >less-than-kludgy solution for this? Something that > >works even with untrainable users? Something akin > to > >Apple's Location Manager -- which lets users select > >whether they're at home, at work, or wherever, and > >network settings are then configured accordingly ¯ > >would solve one of my problems. > > > >Any suggestions would be appreciated. > > > > > ================================================================================ > To unsubscribe from this mailing list, please > see the instructions at > > http://www.checkpoint.com/services/mailing.html > ================================================================================ __________________________________________________ Do You Yahoo!? Yahoo! Shopping - Thousands of Stores. Millions of Products. http://shopping.yahoo.com/ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|