NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] work/home laptop and SecuRemote client



Hi,

I've noticed somewhat the same behavior as Robert
Carr.  I have multiple encryption domains behind
multiple firewalls.  I also have a laptop I use at
home, and in the office.  

When I'm at home everything works fine.  When I'm in
the office and accessing devices in the same
encryption domain SecuRemote does not pop up, etc. 
However;  when I try to access a device in another
encryption domain SecuRemote does pop up even though I
have access to the device though frame relay, no
firewall involved.  I the kill SecuRemote and keep
working.

If you want something for your users that might be
easier, there is a registry hack to keep SR from
starting at boot.  Sorry I don't know it off hand, but
it does exist.  Then you could put an icon for Sr on
the desktop, and let them start it only when needed. 
Not much better then having to kill SR, but ...

HTH,
Pete Goodridge

--- Robert MacDonald <[email protected]> wrote:
> 
> Robert,
> 
> SecureRemote, when setup properly, will function
> very
> well and never needs to be killed. Is your
> encryption domain
> setup correctly? This should encompass the networks
> inside
> of your private network. This way, when SecureRemote
> detects that you have local connectivity, it will
> just ignore
> all requests and allow traffic to pass as local
> traffic.
> 
> When SecureRemote detects traffic bound for your
> encryption
> domain and it does not have a local connection, SR
> will
> spring to life.
> 
> A problem that occur often is, the system in
> question has an
> IP address in the encryption domain while remote. If
> this happens
> then SR will think it's still local.
> 
> Do you have different setups for these users at home
> vs work or
> are these machines equipped with a docking station
> at work
> and a PCMCIA at home?
> 
> Robert
> 
> - -
> Robert P. MacDonald, Network Engineer
> Team Lead, e-Business Infrastructure
> G o r d o n   F o o d    S e r v i c e
> Voice:email: [email protected]
> 
> >>> Robert Carr <[email protected]> 12/18/00
> 2:12:40 AM >>>
> >
> >SecuRemote assumes the machine on which it is
> >installed is always "remote": whether at home, or
> on
> >the road.  What happens if you have a laptop which
> >serves both as your home machine and your at-work
> >machine?
> >
> >I have several users who use only (NT 4) laptops in
> >the office and expect to carry them back and forth
> >between work.  Unfortunately, whenever the users
> are
> >in the office, as soon as they start up their
> laptop,
> >SecuRemote unnecessarily creates a VPN over the
> >internal network out to the firewall's external
> >interface (and then back into the network.  
> >
> >If only a few users do this, it's merely annoying
> and
> >inefficient but I wonder if hundreds of my users
> all
> >came into the office with SecuRemote on their
> laptops
> >and booted up if it wouldn't bring FW-1 to its
> knees. 
> >If SecuRemote bothered to check the
> >currently-configured IP to see if it was within an
> >encryption domain, it could decide whether a VPN
> was
> >necessary.
> >
> >I could ask users to manually kill SecuRemote when
> >they're in the office but most probably wouldn't. 
> >Similarly, some of these users have static IPs at
> home
> >(while having DHCP at work).  Since we've taken
> >administrative privileges away from them, they
> can't
> >change their Network settings (and even if they
> could,
> >most would find doing so too inconvenient).
> >
> >These two problems have kept me from rolling out
> >SecuRemote to those users.  Has anyone worked out a
> >less-than-kludgy solution for this?  Something that
> >works even with untrainable users?  Something akin
> to
> >Apple's Location Manager -- which lets users select
> >whether they're at home, at work, or wherever, and
> >network settings are then configured accordingly ¯
> >would solve one of my problems.
> >
> >Any suggestions would be appreciated.
> 
> 
> 
> 
>
================================================================================
>      To unsubscribe from this mailing list, please
> see the instructions at
>               
> http://www.checkpoint.com/services/mailing.html
>
================================================================================


__________________________________________________
Do You Yahoo!?
Yahoo! Shopping - Thousands of Stores. Millions of Products.
http://shopping.yahoo.com/


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.