NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] SecureClient Policy Server



Richard,

	You can indeed download the topology directly from the firewall
module.  All you need to do is create the policy server in Manage  ->
Servers and select the firewall object from the Host dropdown menu.  Also
depending on your implementation you may need an Any - Any rule for the
IPSEC, FW1_pslogon and VPN1_IPSEC_encapsulation services.  I couldn't tell
you why, but that is what I have seen.  I hope this helps.

		Chad
.
.

 -----Original Message-----
From: 	Richard Marshall [mailto:[email protected]] 
Sent:	Wednesday, August 15, 2001 6:29 AM
To:	[email protected]
Subject:	[FW1] SecureClient Policy Server


Hi Gurus :)

I have (fairly) sucesfully implemented SecuRemote Access with Hybrid IKE.
Recently i noticed that we actually have a license for Secure Client too, so
naturally I would like to use this for it's improved security. My problem is
getting FW-1 to recognise a policy server. Both the managment station and
the primary firewall in the gateway cluster have a Secure Client license.
However, the client program doesn't recognise that there is a policy server
to log into.

>From what I understand the policy server needs to be on a firewall module,
not the managment module. However the SecuRemote site has to be the
managment server because of the use of internal CA's. Does anyone know how i
can either; get the managment server to be recognised by the system as a
policy server (in the manage->servers section it will only let me select a
firewall as a policy server.) Or, for the primary cluster firewall to be
recognised?

I have looked in Objects.C and it is pointing to the primary firewall. It is
even listed in Userc.C on the client as the primary firewall, it just
doesn't seem to recognise that it's there.

TIA

Richard Marshall
Network Systems Analyst
NetDoktor





============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.