Firewall-1

Re: [FW-1] NGX SecureClient Problem

Subject: Re: [FW-1] NGX SecureClient Problem
From: Sagiv Filler <sfiller AT TALDOR.CO DOT IL>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Tue, 19 Jul 2005 09:57:01 +0200
This issue usually happens because of the topology download. According
to its own IP, the client calculates which interface it should address.
I guess if you run srfw monitor you will see which interface it
tries to communicate with.

SecuRemote has 3 ways to calculate the best path:
A Gateway has more than one interface through which a VPN tunnel can be
created, remote clients have to select a particular interface. The
resolving of the appropriate interface can be done either statically,
according to the Gateway topology settings, or dynamically, by sending
RDP (UDP 259) packets to both interfaces and choosing the first to
respond. If you configure the resolving to be done dynamically, specify
the frequency of the resolving operation in the VPN Advanced page of the
Gateway object.

My suggestion to solve this issue is to drop RDP as the first rule on
the gateway if using SDL or on the client as a rule if not using SDL.

You will need to create an object with the IP address of the interface
you DO NOT want it to reply to the RDP request and add it to a rule.


For more detailed information regarding the mechanism look at the help
in the Global properties=>Remote access=>Vpn advanced

Let us know if it solves the problem,


Sagiv

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Ilia
Shapira
Sent: Tuesday, July 19, 2005 9:13 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] NGX SecureClient Problem


We are currently using NG and doing tests of NGX on a new machine.

We see a very strange problem: when a user tries to remotely connect using
the NGX version of SecureClient, he can successfully create a new site on his
SecureClient, but when he tries to connect he fails to connect to the
firewall.

What is very strange is that when he creates a new site I can see him in
the firewall logs, but when he tries to connect I don't even see that he
tries! When the remote user uses R56 SecureClient everything is OK.

Does anyone else have the same problem? Is this a bug in the NGX version of
SecureClient, or is there something new in NGX that I am missing?


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================