Re: [FW1] Packets not being encrypted
Yes, I have -- in a similar situation. In fighting with Firewall-1 (FW1) and Nortel's Contivity (NV) box to get a VPN 3DES connection to work -- that is what happened. It seems that FW1 wants to be your best friend. If it can't follow the encryption rule, then it will do the second best thing and toss it out unencrypted (after all -- the rule *implies* accept).

I could not get my FW1 v4.1 SP2 box to IKE with their NC box. When they sniffed their traffic, they were getting my raw, unencrypted packets. Strange, no?

I would think that CP needs to adjust the encryption "policy" from *implies* access to "only access if".

Thanks -- Chris

--- Neil Pike <[email protected]> wrote:
> I haven't seen this hands on yet, only helped to "debug" it over the
> phone, but assuming they haven't misconfigured, has anyone seen/heard of a
> bug whereby nfs/rpc portmapper (udp) packets are not encrypted/tunneled
> even though there is a rule there to do it? They get to the remote
> firewall "in-clear", destined for the destination global address (rather
> than the remote firewall interface) and are dropped by rule-0 because they
> haven't been encrypted.
>
> NT/Firewall 4.1 SP3 on the local end and Nokia IPSO 3.2.1/Firewall 4.1 SP2
> on the remote end.
>
> Neil Pike
> Protech Computing Ltd
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
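Both posts describe traffic that should have been tunnelled arriving in the clear. The following is an added example, not part of either post: a check over flow records from a capture on the external interface that flags packets between the two encryption domains that are not IKE or IPsec between the gateways. All networks, gateway addresses and sample records are constructed assumptions.

```python
import ipaddress

# Assumed (hypothetical) encryption domains: traffic between these networks
# should only cross the external interface inside the VPN tunnel.
LOCAL_DOMAIN = ipaddress.ip_network("10.1.0.0/16")
REMOTE_DOMAIN = ipaddress.ip_network("192.0.2.0/24")
# Assumed external addresses of the two VPN gateways.
GATEWAYS = {ipaddress.ip_address("198.51.100.1"),
            ipaddress.ip_address("203.0.113.1")}

ESP, AH, UDP = 50, 51, 17   # IP protocol numbers
IKE_PORT = 500

# Constructed sample records, as if summarised from a capture on the
# external interface: (src, dst, ip_proto, dst_port or None).
SAMPLE = [
    ("198.51.100.1", "203.0.113.1", UDP, 500),    # IKE negotiation
    ("198.51.100.1", "203.0.113.1", ESP, None),   # tunnelled traffic
    ("10.1.4.20", "192.0.2.15", UDP, 111),        # portmapper in the clear
    ("10.1.4.20", "192.0.2.15", UDP, 2049),       # NFS in the clear
    ("198.51.100.1", "198.51.100.77", UDP, 53),   # unrelated, out of scope
]

def between_domains(src, dst):
    """True if the packet runs between the two encryption domains."""
    return ((src in LOCAL_DOMAIN and dst in REMOTE_DOMAIN) or
            (src in REMOTE_DOMAIN and dst in LOCAL_DOMAIN))

def is_tunnel_traffic(src, dst, proto, dport):
    """True for IKE or IPsec (ESP/AH) exchanged gateway to gateway."""
    if src not in GATEWAYS or dst not in GATEWAYS:
        return False
    return proto in (ESP, AH) or (proto == UDP and dport == IKE_PORT)

def find_cleartext_leaks(records):
    """Return records that match the encryption domains but were not tunnelled."""
    leaks = []
    for src_s, dst_s, proto, dport in records:
        src, dst = ipaddress.ip_address(src_s), ipaddress.ip_address(dst_s)
        if is_tunnel_traffic(src, dst, proto, dport):
            continue
        if between_domains(src, dst):
            leaks.append((src_s, dst_s, proto, dport))
    return leaks

if __name__ == "__main__":
    for leak in find_cleartext_leaks(SAMPLE):
        print("CLEARTEXT between encryption domains:", leak)
```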