Russell,
I don't know how you could make this work offhand. First of all, OfficeMode
requires that you use a separate network address space that is reserved just
for SecureClient. Secondly, it must not be part of the topology that the
internal network protects. So, if the users were on your internal network
and were using the same OfficeMode IP address, the firewall would give you
an 'address spoofing' message and would drop the packets. Unless the users
connected to some sort of special network segment, that was connected
through another interface on the firewall and that interface was configured
as External, I don't see how it could work. Something to think about...
Just my opinion,
Thomas G. Moody
Sr. Network Security Admin
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
· -----Original Message-----
· From: Christian ALT [mailto:calt AT TLA DOT CH]
· Sent: Thursday, January 29, 2004 10:52 AM
· To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
· Subject: Re: [FW-1] Office Mode SecureClient
·
· How do you route through the gateway, if your users have the
· same IP address as on the internal LAN?
·
· Christian ALT
·
· Telecom and Logistics Associates
· Network and Security Company
·
·
· -----Original Message-----
· From: Mailing list for discussion of Firewall-1
· [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM]On Behalf
· Of Russell Aspinwall
· Sent: Wednesday, 28 January 2004 15:31
· To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
· Subject: [FW-1] Office Mode SecureClient
·
·
· Hi,
·
· I am just going through the VPN-1 documentation, in
· particular SecureClient "Office Mode".
·
· Given the scenario where SecureClient users use the same IP
· address in Office as well as at home (they have routers
· which are configured with the same internal net). Can Office
· Mode be made to work so that the actual network address on
· the computer is retained when connecting to the internal network?
·
· =================================================
· To set vacation, Out-Of-Office, or away messages, send an
· email to LISTSERV AT amadeus.us.checkpoint DOT com
· in the BODY of the email add:
· set fw-1-mailinglist nomail
· =================================================
· To unsubscribe from this mailing list,
· please see the instructions at
· http://www.checkpoint.com/services/mailing.html
· =================================================
· If you have any questions on how to change your subscription
· options, email fw-1-owner AT ts.checkpoint DOT com
· =================================================
· ---
· Incoming mail is certified Virus Free.
· Checked by AVG anti-virus system (http://www.grisoft.com).
· Version: 6.0.571 / Virus Database: 361 - Release Date: 26.01.2004
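Added example, not part of the original thread and not Check Point code: a simplified Python model of the anti-spoofing check described in the top reply, showing why an Office Mode address that overlaps the internal topology is dropped when it arrives on the external side. The interface names, networks and function names are constructed assumptions.

```python
import ipaddress

# Constructed sample topology (assumption): networks defined behind each
# non-external interface. Anything not listed is expected on "external".
TOPOLOGY = {
    "internal": [ipaddress.ip_network("192.168.1.0/24")],
    "dmz": [ipaddress.ip_network("172.16.10.0/24")],
}
EXTERNAL = "external"


def owning_interface(addr):
    """Return the interface whose topology contains addr, else external."""
    ip = ipaddress.ip_address(addr)
    for iface, nets in TOPOLOGY.items():
        if any(ip in net for net in nets):
            return iface
    return EXTERNAL


def antispoof_verdict(src, arrival_iface):
    """Accept only if src arrives on the interface its address belongs to."""
    expected = owning_interface(src)
    if expected == arrival_iface:
        return "accept"
    return "drop: address spoofing (expected on %s)" % expected


def office_mode_pool_conflicts(pool):
    """List topology networks that overlap a proposed Office Mode pool."""
    candidate = ipaddress.ip_network(pool)
    return [
        (iface, str(net))
        for iface, nets in TOPOLOGY.items()
        for net in nets
        if candidate.overlaps(net)
    ]


if __name__ == "__main__":
    # Remote client traffic reaches the gateway on the external side.
    # Case 1: client keeps its home/office LAN address (the question asked).
    print(antispoof_verdict("192.168.1.50", EXTERNAL))
    # Case 2: client gets an address from a dedicated, non-overlapping pool.
    print(antispoof_verdict("10.99.0.7", EXTERNAL))
    # Pre-deployment check of two candidate pools against the topology.
    print(office_mode_pool_conflicts("192.168.1.128/25"))
    print(office_mode_pool_conflicts("10.99.0.0/24"))
```
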