You may lower MTU size on SR interface of the client systems.(no action
necessary on the firewall)
- yinal
-----Original Message-----
From: Mateo Cabrera - Security Advisor [mailto:mcabrera AT SADVISOR DOT COM]
Sent: Wednesday, May 26, 2004 11:54 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] SecuRemote behavior, URGENTEEEEEE...PLEASE...!!!
Hi, guys...
I´ve a strange problem with securemote...
The environment is this:
I´ve a NOKIA IP330 with IPSO 3.7, and NG_AI_R55 HFA_03 (In StandAlone mode,
this is EnforcedModule+SmartCenterServer in a same appliance)
This appliance have 5 interfaces, 2 of these are defined as EXTERNAL, one to
Internet and the other to dedicated connection.
The SecuRemote clients does to connect through the both INTERNET and
DEDICATED interfaces...the SecuRemote licence are associated to the Internet
address (Public IP).
For the SecuRemote clients that try to connect incoming to the firewall on
the Dedicated Interface, it works fine.
But for the clients with SecuRemote that try to connect incoming to the
firewall on the Internet Interface, there are problems...the IKE and
FW1_Topo entries are the only that i see in the SmartView Tracker.
However...and this is the interesting part...!!!, some clients from Internet
connect themselves without problems.
NOTE: All this began to happen when I applied the HOT_FIX_03....
I´dont known, but is very strange...
any ideas?
Regards...
Saludos,
Mateo Cabrera - Soporte Técnico
Security Advisor
www.sadvisor.com
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
Please note that:
1. This e-mail may constitute privileged information. If you are not the
intended recipient, you have received this confidential email and any
attachments transmitted with it in error and you must not disclose, copy,
circulate or in any other way use or rely on this information.
2. E-mails to and from the company are monitored for operational reasons and in
accordance with lawful business practices.
3. The contents of this email are those of the individual and do not
necessarily represent the views of the company.
4. The company does not conclude contracts by email and all negotiations are
subject to contract.
5. The company accepts no responsibility once an e-mail and any attachments is
sent.
http://www.integralis.com
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
