I got Exceed 8 to work by changing the broadcast address from
255.255.255.255 to the actual broadcast address of the subnet where the
server is located, e.g. 192.168.1.255. Then I created a separate desktop
security policy rule solely for X11 and also adding tcp-high-ports and it
worked. X11 is not included in "service - any" so you have tyo define it
explicitly. Make sure you allow back connections for SecureClient as well.
Using SecureClient R55 HFA03 and Office Mode.
Ray
From: Alan Baker <Alan.Baker AT SEPURA DOT COM>
Reply-To: Mailing list for discussion of Firewall-1
<FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] Help with X-11
Date: Wed, 22 Dec 2004 16:22:52 -0000
I'm trying to get something like Exceed or WinAxe working using Secure
Client and Office Mode.
I'm using Secure Client R56 and NG AI R55. Firewall on Solaris 8 box
and client Windows XP.
The client gets a suitable address for my network.
I have rule to allow X11 explicitly from the login server to the client.
Everything seems to behave except for the final stage.
I see XDCMP from client to the login server and X11 (port 6000) traffic
in the reverse direction.
On the login server dtgreet starts up with the correct display address,
but the client steadfastly refuses to display it.
From the login server I can traceroute/ping through to the client, so
don't think it's a routing issue.
Does anyone have any ideas as to what I might be missing?
Alan
_______________________________________________________________________
The information in this email is confidential. It is intended
solely for the addressee. Access to this email by anyone else
is unauthorised. If you are not the intended recipient, any
disclosure, copying, or distribution is prohibited and may be
unlawful. If you have received this email in error please delete
it immediately and contact commercial AT sepura DOT com.
_________________________________________________________________
This e-mail has been scanned for all viruses by Star Internet.
The service is powered by MessageLabs.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
