[FW-1] Firewall-1 4.1 Mobile VPN Intermittently Failing

[Dante Mercurio <dmercurio@FW1-NOSPAMCCGSECURITY.COM>]

I have a customer with a Checkpoint Firewall-1 in which SecureRemote VPN
begins to fail after about a week of successful connectivity.

What is strange is that the connection works entirely for about a week,
and then the connection stays active, but various things will not
function. For example, I can ping and telnet to routers and UNIX across
the 'not-fully-functional' VPN, but if I try to hit an Intranet server,
or map a drive to an NT system I get problems. In the case of the web
page, the connection fails, and the drive mapping says the password is
not correct. The problem is not isolated to each VPN connection, as if I
attempt to dial-in and connect from somewhere new, the problem still
exists.

If I reboot the firewall (starting and stoping FW does not seem to
work), all works for about a week, and then it fails again. ANY
suggestions on where to troubleshoot would be GREATLY appreciated.

Environment:
Checkpoint FW module and management module running on Windows 2000 SP1
Firewall-1 ver 4.1 SP3
VPN is UDP encapsulated in order to be compatible with a customer's
Linksys at home.

Item of note: one course of troubleshooting lead us to believe there was
a problem with the BGP Internet router, as clearing the arp table from
that seemed to correct the issue. At this point, however, the customer
states that the only way to have it fully functional again is to reboot
the firewall.

M. Dante Mercurio, CCNA, MCSE+I, CCSA
Consulting Services Manager
Continental Consulting Group, LLC
www.ccgsecurity.com <http://www.ccgsecurity.com/>
 <mailto:dmercurio@ccgsecurity.com> dmercurio@ccgsecurity.com

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================