No there is not.
How does this undermine the use of a stealth rule? Disable the
"Respond to Unauthenticated Topology Requests" option in
Policy->Properties in order to enable SSL authenticated topology
downloads to prevent just "anyone" from getting your userc.C
file.
Also, when constructing your Client Encrypt rule, make sure to put
the firewall object(s) in the destination field and negate them so that even
VPN users can't make a direct connection to the firewall through a
SecuRemote session.
-Jeff Hochberg
Helo.
Does anyone know if its possible to use a NAT'ed address of the
firewall's external interface as the point of connect in
the SecureRemote Client. In otherwords, say the external
interface of of my firewall is publicly addressable: 111.111.111.111,
and I plan giving it a NAT'ed address of 222.222.222.222 to be
used by my clients for topology updates and VPN connections. Is this
possible?
The reason I want to do this is because the file: userc.C, which is
located on the client, contains (in clear text) several firewall and
network details that undermine the use of a Stealth Rule, and thus
compromises my security policy.
Any advice would be appreciated.
Regards,
R.
Do You Yahoo!?
Yahoo! Mail
Personal Address - Get email at your own domain with Yahoo!
Mail.