RE: [FW1] Problem with ICA protocol
You need to also add high ports into the rule. By default ICA back connections will come in on ports above the standard 1024 that the firewall will allow connections on. For this reason you have to create a resource of other with the following:

match tcp, dport >= (1st port in range above 1024), dport <= (last port in range below 65???)

All else in this can be left blank. You then need to insert this into the ICA rule. Essentially it's a matter of trial and error to see how high you have to set the last port in range.

Juan Concepcion
Network Engineer/Security Consultant
CCSA/CCSE
E-Mail: [email protected]

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Stefan Fassbender
Sent: Tuesday, April 10, 2001 10:45 AM
To: [email protected]; [email protected]
Subject: AW: [FW1] Problem with ICA protocol

higher timeout for icaclient in wtsrv.ini

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of [email protected]
Sent: Tuesday, April 3, 2001 21:38
To: [email protected]
Subject: [FW1] Problem with ICA protocol

Hi all,

I am using FW-1 sp2, and I am not able to establish connections from the Internet to my MetaFrame server. I've created the following rule:

any MetaFrameServer any allow

I am allowing connections to any port only because this is a testing environment. The ICA client documentation says that ports 1494-tcp and 1604-udp are the only ones needed. In the FW-1 log I see the connection being accepted by the firewall, but the ICA client shows an error similar to a timeout after a while.

Any ideas are welcome.

Thanks in advance

Geraldo Fonseca
Icatu-Hartford Seguros S.A.
[email protected]

================================================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
================================================================================