Re: [FW-1] Secure Configuration Verification
Right... So I have changed to Traditional Mode. Now I have something weird going on. The client sends scv_keep_alive packets to the gateway, which is fine. But it is also sending them to the host it is trying to access. So for instance if I have a webserver in the encrypted domain, if I http to it from the client, a keep alive is issued with a destination IP of the webserver. If I don't allow these packets, then the client cannot connect to the webserver... if I allow them it can.

This behaviour doesn't match the documentation - actually the documentation is a bit vague on this part.

Does this match anyone else's experience?

Thanks,
Paul

>>> [email protected] 11/07/2003 06:04:53 >>>
On Thu, Jul 10, 2003 at 04:39:00PM +0300, Paul Murphy wrote:
> However under FP3 the Client Encrypt is implied by the VPN defined in
> the VPN Manager, and also in the Desktop Policy. Neither of these tabs
> appears to have a way of defining which rules only be in place if the
> Desktop is secure.

You have the setting under Global Settings / Remote Access / SCV, first one there I think, that says apply the control also to simplified. I haven't seen simplified vpn allowing same kind of control over access to internal resources if desktop is unsecure like you get with traditional mode - it's just "apply to all remote access" or "don't do it at all".