Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Problem with ICA protocol

To: <[email protected]>, <[email protected]>, <[email protected]>
Subject: RE: [FW1] Problem with ICA protocol
From: "Juan Concepcion" <[email protected]>
Date: Tue, 10 Apr 2001 23:25:00 -0400
Importance: Normal
In-reply-to: <[email protected]>
Reply-to: <[email protected]>
Sender: [email protected]

You need to also add high ports into the rule.  By default ICA back
connections will come in on ports above the standard 1024 that the firewall
will allow connections on.  For this reason you have to create a resource of
other with the following:

match tcp, dport >=(1st port in range above 1024), dport <= (last port in
range below 65???)

all else in this can be left blank.  You then need to insert this into the
ICA rule.  Essentially it's a matter of trial and error to see how high you
have to set the last port in range.

Juan Concepcion
Network Engineer/Security Consultant
CCSA/CCSE
E-Mail: [email protected]


-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of
Stefan Fassbender
Sent: Tuesday, April 10, 2001 10:45 AM
To: [email protected];
[email protected]
Subject: AW: [FW1] Problem with ICA protocol



higher timeout for icaclient in wtsrv.ini

-----Ursprüngliche Nachricht-----
Von: [email protected]
[mailto:[email protected]]Im Auftrag
von [email protected]
Gesendet: Dienstag, 3. April 2001 21:38
An: [email protected]
Betreff: [FW1] Problem with ICA protocol




Hi all,

I am using FW-1 sp2, and I am not able to estabilish connections from the
Internet to my MetaFrame server.  I´ve created the following rule:

any  MetaFrameServer     any  allow

I am allowing connections to any port only because this is a testing
environment.  The ICA client documentation says that ports 1494-tcp and
1604-udp are the only ones needed.

In the FW-1 log i see the connection being accepted by the firewall, but
the ICA client shows an error similar to a timeout after a while.

Any ideas are welcome.  Thanks in advance

Geraldo Fonseca
Icatu-Hartford Seguros S.A.
[email protected]



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====




============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Follow-Ups:
- [FW1] How to block incoming icmp
  - From: "Benjamin Keller" <[email protected]>

References:
- AW: [FW1] Problem with ICA protocol
  - From: "Stefan Fassbender" <[email protected]>

Prev by Date: [FW1] Re: fw-1-mailinglist-digest V1 #3
Next by Date: [FW1]
Previous by thread: AW: [FW1] Problem with ICA protocol
Next by thread: [FW1] How to block incoming icmp
Index(es):
- Date
- Thread