NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] SecuRemote connects to which fw interface (again)?

Josef,
You are right, they are not very clear on this.  On the gateway enforcement point -
the machine to which your securemote clients will connect, edit the
$FWDIR/conf/objects.C file

search for the :props
section and add the line anywhere in that section being sure to keep the same
alignment.

stop and restart the firewall, and again, make sure the clients themselves are at
least 4.165.

CryptoTech

"Hartmann, Josef" wrote:

> Ok,
>
> I just read sp2 release notes and found the setting:
> :resolve_multiple_interfaces (true)
>
> However I do not know where to put this setting exactly. What is meant by
> the gateway object? I tried putting it on different places however none of
> them forced SecuRemote to connect to different FW interfaces.
>
> Cheers,
>
> Josef
>
> > -----Original Message-----
> > From: CryptoTech [SMTP:[email protected]]
> > Sent: Monday, February 19, 2001 3:54 PM
> > To:   Hartmann, Josef
> > Cc:   'Larry Pingree'; [email protected];
> > [email protected]
> > Subject:      Re: [FW1] SecuRemote connects to which fw interface (again)?
> >
> >
> > Please read the release notes for SP2.  You cannot download topology from
> > the other
> > ip addresses, but once the topology exists on the client, he can establish
> > a vpn to
> > any of the firewall's interfaces that he can see.
> >
> > Cheers,
> > CryptoTech
> >
> > "Hartmann, Josef" wrote:
> >
> > > Thinking about this effect, means that it is only possible to establish
> > a
> > > VPN connection only to one firewall interface?!?
> > >
> > > How do I get access to Checkpoint's Support center?
> > >
> > > > -----Original Message-----
> > > > From: Larry Pingree [SMTP:[email protected]]
> > > > Sent: Thursday, February 15, 2001 8:51 PM
> > > > To:   Hartmann, Josef; [email protected];
> > > > [email protected]
> > > > Subject:      Re: [FW1] SecuRemote connects to which fw interface
> > (again)?
> > > >
> > > > I believe the answer would be yes. The IP address in the general tab
> > is
> > > > used
> > > > to build the topology download, and this is the IP address to which
> > > > securemote will connect to.
> > > >
> > > > I do agree that Check Point "should" use the closest interface to the
> > > > securemote client, but this is not the case thus far.
> > > >
> > > > Maybe you could submit a bug to Check Point's Support center?
> > > >
> > > >
> > > > -=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-
> > > > Larry Pingree
> > > > Sr. Security Consultant
> > > > Email: [email protected]
> > > >
> > > > SiegeWorks
> > > > Company WebSite: http://www.siegeworks.com/
> > > > Security Installation, Training and Consulting
> > > > -=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-
> > > > ----- Original Message -----
> > > > From: Hartmann, Josef <[email protected]>
> > > > To: <[email protected]>;
> > <[email protected]>
> > > > Sent: Thursday, February 15, 2001 1:23 AM
> > > > Subject: [FW1] SecuRemote connects to which fw interface (again)?
> > > >
> > > >
> > > > >
> > > > >
> > > > > Hi,
> > > > >
> > > > >
> > > > > I am running a fw with quite a few interfaces. Now I would like to
> > setup
> > > > a
> > > > > VPN. After some troubles userc.C is now loaded, however SecuRemote
> > does
> > > > > connect to the primary interface of the firewall not to the
> > interface
> > > > which
> > > > > the client has access to.
> > > > >
> > > > > Unfortunately userc.C is encrypted. Setting the appropriate
> > parameter in
> > > > > userc.C to false or removing it did not help me.
> > > > >
> > > > > A small figure to illustrate this:
> > > > >
> > > > >                                  Network C
> > > > >
> > > > >                                          |
> > > > >                                          |
> > > > >                              _______________
> > > > >                              |                        |
> > > > > network A   -----------|         FW           |-----------------
> > Network
> > > > B
> > > > > ---------          VPN Client
> > > > > this IP address is   |                         |
> > > > > set the one of the   |                         |
> > > > > FW object.             --------------------------
> > > > >                                          |
> > > > >                                          |
> > > > >                                  Network D
> > > > >
> > > > > As you can see the Gateway address of the SecuRemote Client should
> > be
> > > > > interface B however, after the Topo downloaded forces the VPN Client
> > to
> > > > use
> > > > > interface A as gateway but that's silly, isn't? Do I have to use
> > > > Interface
> > > > B
> > > > > as the "primary" (the IP Address given in the general tap of the
> > > > workstation
> > > > > properties of the firewall object) interface of the firewall object?
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > Any hints?
> > > > >
> > > > >
> > > > > Cheers,
> > > > >
> > > > > Josef
> > > > >
> > > > >
> > > > >
> > > >
> > ==========================================================================
> > > > ==
> > > > ====
> > > > >      To unsubscribe from this mailing list, please see the
> > instructions
> > > > at
> > > > >                http://www.checkpoint.com/services/mailing.html
> > > > >
> > > >
> > ==========================================================================
> > > > ==
> > > > ====
> > > > >
> > >
> > >
> > ==========================================================================
> > ======
> > >      To unsubscribe from this mailing list, please see the instructions
> > at
> > >                http://www.checkpoint.com/services/mailing.html
> > >
> > ==========================================================================
> > ======
> > >
> > > ________________________________________________________________________
> > > This message has been checked for all known viruses, by Star Internet,
> > > delivered through the MessageLabs Virus Control Centre.
> > > For further information visit:
> > > http://www.star.net.uk/stats.asp
> > >
> > >
> > ==========================================================================
> > ======
> > >      To unsubscribe from this mailing list, please see the instructions
> > at
> > >                http://www.checkpoint.com/services/mailing.html
> > >
> > ==========================================================================
> > ======
> >
> >
> >
> > ==========================================================================
> > ======
> >      To unsubscribe from this mailing list, please see the instructions at
> >                http://www.checkpoint.com/services/mailing.html
> > ==========================================================================
> > ======
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================


 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.