
[FW-1] SecuRemote on FW4.1



After upgrading from 4.0 to 4.1 I can only get my SecuRemote clients to work
if I enable the "Accept VPN1 + Firewall1 control connections" in the
"security policy" tab of the Policy properties.
Although I have switched on the logging of implicit rules, there is no
indication of what actually makes it work (i.e. which service I have to
explicitly allow in the rulebase).
If I don't enable the option, I can't see anything being dropped or rejected
either. It just won't work then. (SR hangs on "Exchanging keys with a
firewall" for a while before saying that the firewall does not respond.)

a) Can I get it to work through the rulebase or will I have to leave "Accept
VPN1 + Firewall1 control connections" ticked?

b) The option above sounds risky to me as it appears to result in various
open ports on the outside interface. Probably more than SecuRemote actually
requires. - Is it?

Some facts:
- FW1 4.1 SP6 Strong + SecuRemote
- running on WinNT4 SP6 + hotfixes
- I am using encapsulated FWZ.
- The client I was testing with was the latest version (although single DES
  only), but some clients out there date back to 3.0 versions.

Best Regards,

Andy

--
Amann & Soehne GmbH & Co.
IS / Andreas Reischle
Hauptstr. 1 - D-74357 Boennigheim
fon +49 7143-277-420  fax +49 7143-277-456
E-Mail [email protected]
Web: http://www.amann-online.de
