NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] VPN and Http



I have seen strange activity (i.e. FW1 behave
incorrectly) when an "Any" rule is before an
encryption rule.

I doubt that your problem was like mine, but try
putting all your encryption rules at the top of your
rulebase.

HTH -- Chris

--- Dan Guinn <[email protected]> wrote:
> 
> 
> Interesting...do you have a rule before this that
> blocks/filters HTTP, or do
> you have a NAT rule for either of these networks?
> 
> If you have a filter/block, move this rule before
> it.
> If you have a NAT, make sure to put both networks in
> a group, and add a NAT
> rule that looks like:
> 
> VPNGroup-----VPNGroup-----Original
> 
> Dan Guinn
> 
> -----Original Message-----
> From: Martin Flagg
> [mailto:[email protected]]
> Sent: Monday, February 26, 2001 9:34 AM
> To: 'Dan Guinn'
> Subject: RE: [FW1] VPN and Http
> 
> 
> Its the first Rule,
> 
>
LanNet1-----LanNet1------any-------Encyrpt----LogLong
> LanNet2-----LanNet2
> 
> I also have tried specifically defining HTTP with no
> luck.
> 
> Martin D. Flagg
> 
> -----Original Message-----
> From: Dan Guinn [mailto:[email protected]]
> Sent: Monday, February 26, 2001 9:07 AM
> To: 'Martin Flagg';
> '[email protected]'
> Subject: RE: [FW1] VPN and Http
> 
> 
> 
> What does your rule look like?  Are you allowing
> HTTP?
> 
> -----Original Message-----
> From: Martin Flagg
> [mailto:[email protected]]
> Sent: Friday, February 23, 2001 4:57 PM
> To: '[email protected]'
> Subject: [FW1] VPN and Http
> 
> 
> 
> I have two sights conencted via VPN using NAT thru
> the Internet.  I am able
> to telnet/Citrix  back and forth.   However  when I
> type a private address
> of the Network1 web browser while I am on Network2
> the packet flows thru and
> is dropped by the cleanup rule.  
> 
> Thanks
> 
> 
> 
> Martin D. Flagg
> Sr. Systems Engineer
> Business Smarts, Inc.
> [email protected]
> 
> 
> 
> 
> 
>
============================================================================
> ====
>      To unsubscribe from this mailing list, please
> see the instructions at
>               
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
> ====
> 
> 
>
============================================================================
> ====
>      To unsubscribe from this mailing list, please
> see the instructions at
>               
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
> ====
> 
> 
>
================================================================================
>      To unsubscribe from this mailing list, please
> see the instructions at
>               
> http://www.checkpoint.com/services/mailing.html
>
================================================================================


__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents � 2003 Network Presence, LLC. All rights reserved.