Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] AW: securemote and sms client

To: '"Roßmanith, Peter"' <[email protected]>, "'Maroney, Patrick @ CSE'" <[email protected]>
Subject: RE: [FW1] AW: securemote and sms client
From: "Hartmann, Josef" <[email protected]>
Date: Tue, 24 Apr 2001 14:41:44 +0200
Cc: "'[email protected]'" <[email protected]>
Sender: [email protected]

Accessing a SR user from within the encryption domain, e.g. with SMS
requires the user to be logged on. Furthermore the ip address of the SR user
must be known (this is either an official IP address or one of the
configured IP NAT pool).

Last but not least in order to establish such back connections the rulebase
needs to have an entry for that. Search the CP knowledge base for X11 and
encrypted connections. There's the syntax given for such a rule.

If SecureClient is running on the users desktop, it mustn't be configured to
allow only outgoing+encrypted as this blocks back-connections on the client
desktop.


Josef

> -----Original Message-----
> From:	"Roßmanith, Peter" [SMTP:[email protected]]
> Sent:	Monday, April 23, 2001 1:39 PM
> To:	'Maroney, Patrick  @ CSE'
> Cc:	'[email protected]'
> Subject:	[FW1] AW: securemote and sms client
> 
> 
> hi pat,
> i dont have installed secure desktop, so i think that the client dont
> block
> a incoming connection.
> my understandig of sr is that at the end of the ip-tunnel the ip of the sr
> client is translated in the
> internal ip of the fw. the communication with the network than is made
> over
> this adress + port.
> but: how can i find a sr client from the network ?
> now i make some experiments with the ip-pool-nat-tab in the firewall
> properties.
> if i find out interesting things i will inform you.
> 
> peter
> 
> > -----Ursprüngliche Nachricht-----
> > Von:	Maroney, Patrick  @ CSE [SMTP:[email protected]]
> > Gesendet am:	Montag, 23. April 2001 13:10
> > An:	'"Roßmanith, Peter"'
> > Betreff:	RE: securemote and sms client
> > 
> > Peter,
> > 
> > The problem is that the desktop policy is probably blocking unsolicited
> > incoming connections to the desktop.  This will "break" a number of
> things
> > like SMS and Outlook incoming mail updates.
> > 
> > If your policy is blocking incoming connections then you need to have
> the
> > workstation initiate the SMS dialog.  One solution might be to configure
> > the
> > desktop client to connect to the server on startup for database updates
> > and
> > downloads.
> > 
> > We are facing the same issues and are playing with things like using a
> > "personal firewall" in conjunction with SecureRemote.If you find a more
> > elegant solution please let me know.
> > 
> > Pat
> > 
> > -----Original Message-----
> > From: "Roßmanith, Peter" [mailto:[email protected]]
> > Sent: Friday, April 20, 2001 7:28 AM
> > To: [email protected]
> > Subject: securemote and sms client
> > 
> > 
> > hi world,
> > has anyone expiriences in managing an securemote pc with sms ?
> > how to configure the firewall so that it is possible to get access to
> the
> > sr-pc from the network?
> > 
> > thanks in advance
> > peter
> 
> 
> ==========================================================================
> ======
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ======


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW1] Putkeys...
Next by Date: Re: [FW1] Nokia-Box Restart Problem
Previous by thread: [FW1] AW: securemote and sms client
Next by thread: RE: [FW1] AW: securemote and sms client
Index(es):
- Date
- Thread