[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] VPN and Http
I have seen strange activity (i.e. FW1 behave incorrectly) when an "Any" rule is before an encryption rule. I doubt that your problem was like mine, but try putting all your encryption rules at the top of your rulebase. HTH -- Chris --- Dan Guinn <[email protected]> wrote: > > > Interesting...do you have a rule before this that > blocks/filters HTTP, or do > you have a NAT rule for either of these networks? > > If you have a filter/block, move this rule before > it. > If you have a NAT, make sure to put both networks in > a group, and add a NAT > rule that looks like: > > VPNGroup-----VPNGroup-----Original > > Dan Guinn > > -----Original Message----- > From: Martin Flagg > [mailto:[email protected]] > Sent: Monday, February 26, 2001 9:34 AM > To: 'Dan Guinn' > Subject: RE: [FW1] VPN and Http > > > Its the first Rule, > > LanNet1-----LanNet1------any-------Encyrpt----LogLong > LanNet2-----LanNet2 > > I also have tried specifically defining HTTP with no > luck. > > Martin D. Flagg > > -----Original Message----- > From: Dan Guinn [mailto:[email protected]] > Sent: Monday, February 26, 2001 9:07 AM > To: 'Martin Flagg'; > '[email protected]' > Subject: RE: [FW1] VPN and Http > > > > What does your rule look like? Are you allowing > HTTP? > > -----Original Message----- > From: Martin Flagg > [mailto:[email protected]] > Sent: Friday, February 23, 2001 4:57 PM > To: '[email protected]' > Subject: [FW1] VPN and Http > > > > I have two sights conencted via VPN using NAT thru > the Internet. I am able > to telnet/Citrix back and forth. However when I > type a private address > of the Network1 web browser while I am on Network2 > the packet flows thru and > is dropped by the cleanup rule. > > Thanks > > > > Martin D. Flagg > Sr. Systems Engineer > Business Smarts, Inc. > [email protected] > > > > > > ============================================================================ > ==== > To unsubscribe from this mailing list, please > see the instructions at > > http://www.checkpoint.com/services/mailing.html > ============================================================================ > ==== > > > ============================================================================ > ==== > To unsubscribe from this mailing list, please > see the instructions at > > http://www.checkpoint.com/services/mailing.html > ============================================================================ > ==== > > > ================================================================================ > To unsubscribe from this mailing list, please > see the instructions at > > http://www.checkpoint.com/services/mailing.html > ================================================================================ __________________________________________________ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|