[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] AW: securemote and sms client
Accessing a SR user from within the encryption domain, e.g. with SMS requires the user to be logged on. Furthermore the ip address of the SR user must be known (this is either an official IP address or one of the configured IP NAT pool). Last but not least in order to establish such back connections the rulebase needs to have an entry for that. Search the CP knowledge base for X11 and encrypted connections. There's the syntax given for such a rule. If SecureClient is running on the users desktop, it mustn't be configured to allow only outgoing+encrypted as this blocks back-connections on the client desktop. Josef > -----Original Message----- > From: "Roßmanith, Peter" [SMTP:[email protected]] > Sent: Monday, April 23, 2001 1:39 PM > To: 'Maroney, Patrick @ CSE' > Cc: '[email protected]' > Subject: [FW1] AW: securemote and sms client > > > hi pat, > i dont have installed secure desktop, so i think that the client dont > block > a incoming connection. > my understandig of sr is that at the end of the ip-tunnel the ip of the sr > client is translated in the > internal ip of the fw. the communication with the network than is made > over > this adress + port. > but: how can i find a sr client from the network ? > now i make some experiments with the ip-pool-nat-tab in the firewall > properties. > if i find out interesting things i will inform you. > > peter > > > -----Ursprüngliche Nachricht----- > > Von: Maroney, Patrick @ CSE [SMTP:[email protected]] > > Gesendet am: Montag, 23. April 2001 13:10 > > An: '"Roßmanith, Peter"' > > Betreff: RE: securemote and sms client > > > > Peter, > > > > The problem is that the desktop policy is probably blocking unsolicited > > incoming connections to the desktop. This will "break" a number of > things > > like SMS and Outlook incoming mail updates. > > > > If your policy is blocking incoming connections then you need to have > the > > workstation initiate the SMS dialog. One solution might be to configure > > the > > desktop client to connect to the server on startup for database updates > > and > > downloads. > > > > We are facing the same issues and are playing with things like using a > > "personal firewall" in conjunction with SecureRemote.If you find a more > > elegant solution please let me know. > > > > Pat > > > > -----Original Message----- > > From: "Roßmanith, Peter" [mailto:[email protected]] > > Sent: Friday, April 20, 2001 7:28 AM > > To: [email protected] > > Subject: securemote and sms client > > > > > > hi world, > > has anyone expiriences in managing an securemote pc with sms ? > > how to configure the firewall so that it is possible to get access to > the > > sr-pc from the network? > > > > thanks in advance > > peter > > > ========================================================================== > ====== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ========================================================================== > ====== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|