
Re: [FW-1] NG FP2 - SecureClient logging into the Policy Server



At 02:15 PM 10/24/2003 +0100, you wrote:
Hi,

Could someone help me out please........

I'm currently running Checkpoint N.G FP2 and I've setup SecureClient using
Connect & Office mode thus logging into the policy server and receiving an
internal DHCP address from within the encryption domain......

It was all working fine and then a couple of weeks ago, I started getting
error messages, such as "Tunnel Test Failed", "Failed to logon to Policy
Server" and "Logon to policy server failed".  The SecureClient is no longer
logging into the policy server, but the connection still succeeded.  Users
could still login as if SecuRemote was running.........

If the enforcement module only has a route for the SC client internal IP address block, you may run into the "Tunnel test failed" problem. Please add a static route on the firewall that includes the DHCP address. This allows the firewall to know where to send the traffic when it receives an Office Mode connection.


Looking through the checkpoint logs, I could see some dropped traffic with the
error message saying "TCP Sequence Validator dropped packet with invalid
ACK number".

Looking in the Global Properties under the Stateful Inspection tab and "TCP
sequence verifier" the "Drop out of sequence packets" is already checked.
If I uncheck this box and push the policy out, users can now log into the
policy server and download the policy, and everything works.  When I check the
box again, it all stops.

Currently, that is the only solution to fix the problem.



Does anyone have any ideas why this happened and how to fix this......
Also what's the impact if I leave this unchecked?

Cheers
Kalpesh


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================





 
   All contents © 2004 Network Presence, LLC. All rights reserved.