Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] SecuRemote FWZ encryption - does not work

To: "'[email protected]'" <[email protected]>, [email protected]
Subject: RE: [FW1] SecuRemote FWZ encryption - does not work
From: Thomas Nilsen <[email protected]>
Date: Thu, 28 Jun 2001 16:59:03 +0200
Sender: [email protected]

But even disabling all the entires on the Desktop Security part that deals
with the SecureServer will not help. Removing "...all interfaces" now gives
a "non-ip protocal" error in the log when using FWZ encryption, but it works
fine with IKE. 

What puzzles me though is that it seems to work fine on FWZ from a RAS/DMZ
part of the FW, but not from Internet.... 

Regards, Thomas

-----Original Message-----
From: Juan Concepcion [mailto:[email protected]]
Sent: Thursday, June 28, 2001 3:02 AM
To: Thomas Nilsen; [email protected]
Subject: RE: [FW1] SecuRemote FWZ encryption - does not work


If you do a filter on the logs you will probably see "deauthorizes" shortly
after the "No Policy".  If your not using Secure Client then the only thing
you need on the Desktop Security tab is the Respond to unathenticated topo
requests (if this is how your allowing topology downloads).  What happens is
that if you have the options turned on under the Desktop Policy and you
actually have no policy server then by default CP process will check the
client coming in to see if they policy was correctly pushed to them.  Hence
when it does not find a valid policy you get the "no policy" in the log
viewer which should be accompanied by a "deauthorize" which basically means
the firewall just killed the VPN connection to the Secure Remote client.

Juan Concepcion
Network Security Consultant
CCSA/CCSE Certified
E-Mail: [email protected]


-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of
Thomas Nilsen
Sent: Wednesday, June 27, 2001 10:27 AM
To: [email protected]
Subject: [FW1] SecuRemote FWZ encryption - does not work



We are having some strange problems with our FW-1 v4.1 SP3.

SecuRemote works when using IKE, but if using FWZ it will exchange keys upon
initialisation of the data connection, but nothing more happens. Nothing
appears in the log. If "Desktop Is Enforcing Desktop security" is turned on,
the log will report "No Policy".

Anyone got any ideas on how to fix or at least debug this?

Best Regards,
Thomas




============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] DHCP client and CheckPoint Firewall-1
Next by Date: [FW1] FW-1 and PPTP
Previous by thread: Re: [FW1] SecuRemote FWZ encryption - does not work
Next by thread: [FW1] Hotfixes for NT
Index(es):
- Date
- Thread