[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Securemote (build 4199) on Win2k server not working
He has set these rules up at the top of his policy on his ip330. The int_Win2kServ_PC is an internal workstation object (it has an external ip using hiding NAT), while the ext_CST_FW is a workstation object with our external ip address: Rule Source Destination Service Action 1 int_Win2kServ_PC ext_CST_FW FW1, FW1_topo, FW1_pslogon Accept 2 int_Win2kServ_PC ext_CST_FW RDP, IKE, IKE_tcp, Accept 3 int_Win2kServ_PC ext_CST_FW ESP Accept ext_CST_FW int_Win2kServ_PC Should he be using his external object? Should the object for our firewall be an Integrated Firewall object? I don't know if he has an encryption license, is that needed? What other services should he be allowing? Thanks for your assistance. Alan. -----Original Message----- From: John Chalifoux [mailto:[email protected]] Sent: Tuesday, June 04, 2002 1:04 PM To: [email protected] Subject: Re: [FW-1] Securemote (build 4199) on Win2k server not working Hi, I had something like that happen. I couldn't ping, trace or do anything. It turned out that the machine, which was in my DMZ, had a FW policy that restricted communication to the internal network. You might want to check this out with your FW guy again just to be sure. John Chalifoux Network Administrator SMI Systems & Methods, Inc. [email protected] WorkCell-----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[email protected]]On Behalf Of Alan Choyna Sent: Tuesday, June 04, 2002 1:06 PM To: [email protected] Subject: [FW-1] Securemote (build 4199) on Win2k server not working Hi people. We're running an ip440 with 4.1 SP3 and am trying to get an affiliate company to VPN into our network. He's using Securemote (Build 4199) on Win2k Server, and is sitting behind a Nokia IP330. I can see him authenticate when he updates his policy, but he cannot ping, ftp (or anything for that matter) any machine within our network. He can access everything fine from home, and the FW guy there has assured me that he's opened up the correct ports between his network and our FW1 boxes external ip (he says there are no rejects or drops when he attempts to ping or FTP). When he does a trace route on our FW's ip, it works fine, however the trace route on one of the internal boxes totally fails, not even showing the FW. Only the policy updates and authentication shows up in our logs. Not the ping or FTP attempts. Has anyone had issues with Securemote and Win2k server? Any suggestions? Thanks in advance, Alan. ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|