[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] FW: Good question about Secure Remote and topology down load
>I believe that the cause is because the firewall object is define in my >userc.c and when the user try to access to a server in my DMZ, the firewall >send back a user authentication to the user. If the user must authenticate >to the firewall and the firewall object is listed in is userc.c, thus the >user gonna try to perform a key exchange with the firewall before to >authenticate. Do I'm right? How to remove the firewall object only or how >to fix my problem? .. you are right - but the real problem is that your DMZ is in the "encryption domain" defined for the firewall object in the userc.C file. When the packet is going out, the SecuRemote kernel compares the destination IP address of the packet to the encryption domain. If the address falls in the encryption domain, the kernel will try to establish a VPN tunnel with the firewall defined... The work around is to disable the site when users are in the office connected to your network... Open SecuRemote/SecureClient and right click on the site and select "Disable". Amin Tora, CISSP ePlus Technology http://www.eplus.com NASDAQ: PLUS ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|