Well, live and learn. Thanks for the clarification. Do you mean the "accept
all encrypted traffic" check box? I've never used that for some reason, but
I forget why.
Ray
From: Stewart Williams <Stewart.Williams AT TRUSTWAVE DOT COM>
Reply-To: Mailing list for discussion of Firewall-1
<FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Citrix through Edge VPN
Date: Fri, 24 Sep 2004 16:46:23 -0400
Actually, it's coming from the "Accept VPN Traffic" rule, which allows
traffic from any to any via VPN communities based on encryption
services. This is an implied rule that was created when I made the VPN
community.
I'm on 4.5.45x firmware for the edge.
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Ray
Sent: Friday, September 24, 2004 4:29 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Citrix through Edge VPN
Which firmware are you on? They're revising it a lot and the latest I've
seen is 4.5.49. That's the first place I would start. I've got a few Edge
cases open with Check Point and they have been super-responsive in working
with us.
>The problem is that I do not set which
>one of these services I want the traffic to use, since it is through the
>vpn it all comes in as rule 0. Anyone have any ideas?
Huh? If it's coming in on Rule 0, the implied rules, it's coming from
outside the VPN. Go into SmartView Tracker, VPN-1, scroll way to the right
and filter on Community for your Edge VPN community to see what's going
through the VPN.
Ray
>Reply-To: Mailing list for discussion of Firewall-1
><FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
>To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
>Subject: [FW-1] Citrix through Edge VPN
>Date: Fri, 24 Sep 2004 12:55:26 -0400
>
>I have read about a number of Citrix issues through FW-1, but I haven't
>read anything about getting it to work through a vpn. I have a vpn
>between an R55 cluster and an Edge X device. I can do all normal traffic
>through vpn without a problem (term serv, icmp, ftp) but citrix
>connections tend to drop every so often (about every 20 minutes). Is
>there something I need to do in the FW ruleset? I notice that there are
>2 services defined for tcp 1494. The problem is that I do not set which
>one of these services I want the traffic to use, since it is through the
>vpn it all comes in as rule 0. Anyone have any ideas?
>
>stew
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to LISTSERV AT amadeus.us.checkpoint DOT com
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>fw-1-owner AT ts.checkpoint DOT com
>=================================================