Hi Reinhard,
I changed the https service Protocol-Type to "None", and then vendor still
cannot SSH to their box. Any other ideas?
Thanks,
Sean
Reinhard Stich <r.stich AT INTERNET-SECURITY DOT AT>
Sent by: Mailing list for discussion of Firewall-1
<FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
11/24/2005 10:54 AM
Please respond to
Mailing list for discussion of Firewall-1
<FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
To
FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
cc
Subject
Re: [FW-1] SSH VPN over non-standard port
hi,
fw1 tries to deny tunneling over ssl - and http on port 443 does not
look like ssl ... so this is blocked.
you should define https as protocol-type "none" ...
cheers
reinhard
At 14:58 24.11.2005, you wrote:
>Hi,
>
>I have a VPN user trying to SSH into a box over port 443, and it is not
>working through our VPN. I can SSH to the same box over port 443 when on
>the internal network. The connection attempt is accepted to the SSH box,
>but the key prompt never comes up to accept. Does Checkpoint allow SSH
>access when not using the standard port 22?
>
>Thanks,
>
>Sean
>
>
>
>The information contained in this e-mail message is confidential and
>protected by law. The information is intended only for the person or
>organization addressed in this e-mail. If you share or copy the
>information you may be breaking the law. If you have received this
e-mail
>by mistake, please notify the sender of the e-mail by the telephone
number
>listed on this e-mail. Please destroy the original; do not e-mail back
>the information or keep the original.
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to LISTSERV AT amadeus.us.checkpoint DOT com
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>fw-1-owner AT ts.checkpoint DOT com
>=================================================
--
Reinhard Stich ASSIST R.Stich AT internet-security DOT at
Internet Security AG, 1150 Wien, Johnstrasse 29
Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
The information contained in this e-mail message is confidential and
protected by law. The information is intended only for the person or
organization addressed in this e-mail. If you share or copy the
information you may be breaking the law. If you have received this e-mail
by mistake, please notify the sender of the e-mail by the telephone number
listed on this e-mail. Please destroy the original; do not e-mail back
the information or keep the original.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
