[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] SecuRemote connects to which fw interface (again)?
I believe the answer would be yes. The IP address in the general tab is used to build the topology download, and this is the IP address to which securemote will connect to. I do agree that Check Point "should" use the closest interface to the securemote client, but this is not the case thus far. Maybe you could submit a bug to Check Point's Support center? -=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=- Larry Pingree Sr. Security Consultant Email: [email protected] SiegeWorks Company WebSite: http://www.siegeworks.com/ Security Installation, Training and Consulting -=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=- ----- Original Message ----- From: Hartmann, Josef <[email protected]> To: <[email protected]>; <[email protected]> Sent: Thursday, February 15, 2001 1:23 AM Subject: [FW1] SecuRemote connects to which fw interface (again)? > > > Hi, > > > I am running a fw with quite a few interfaces. Now I would like to setup a > VPN. After some troubles userc.C is now loaded, however SecuRemote does > connect to the primary interface of the firewall not to the interface which > the client has access to. > > Unfortunately userc.C is encrypted. Setting the appropriate parameter in > userc.C to false or removing it did not help me. > > A small figure to illustrate this: > > Network C > > | > | > _______________ > | | > network A -----------| FW |----------------- Network B > --------- VPN Client > this IP address is | | > set the one of the | | > FW object. -------------------------- > | > | > Network D > > As you can see the Gateway address of the SecuRemote Client should be > interface B however, after the Topo downloaded forces the VPN Client to use > interface A as gateway but that's silly, isn't? Do I have to use Interface B > as the "primary" (the IP Address given in the general tap of the workstation > properties of the firewall object) interface of the firewall object? > > > > > Any hints? > > > Cheers, > > Josef > > > ============================================================================ ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ ==== > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|