[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] SecureClient Policy Server
Richard, You can indeed download the topology directly from the firewall module. All you need to do is create the policy server in Manage -> Servers and select the firewall object from the Host dropdown menu. Also depending on your implementation you may need an Any - Any rule for the IPSEC, FW1_pslogon and VPN1_IPSEC_encapsulation services. I couldn't tell you why, but that is what I have seen. I hope this helps. Chad . . -----Original Message----- From: Richard Marshall [mailto:[email protected]] Sent: Wednesday, August 15, 2001 6:29 AM To: [email protected] Subject: [FW1] SecureClient Policy Server Hi Gurus :) I have (fairly) sucesfully implemented SecuRemote Access with Hybrid IKE. Recently i noticed that we actually have a license for Secure Client too, so naturally I would like to use this for it's improved security. My problem is getting FW-1 to recognise a policy server. Both the managment station and the primary firewall in the gateway cluster have a Secure Client license. However, the client program doesn't recognise that there is a policy server to log into. >From what I understand the policy server needs to be on a firewall module, not the managment module. However the SecuRemote site has to be the managment server because of the use of internal CA's. Does anyone know how i can either; get the managment server to be recognised by the system as a policy server (in the manage->servers section it will only let me select a firewall as a policy server.) Or, for the primary cluster firewall to be recognised? I have looked in Objects.C and it is pointing to the primary firewall. It is even listed in Userc.C on the client as the primary firewall, it just doesn't seem to recognise that it's there. TIA Richard Marshall Network Systems Analyst NetDoktor ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|