Hello all,
Did anybody see the following problem on a Nokia VRRP cluster after
enabling SecureXL?
Setup, Nokia VRRP with IPSO 3.9 and R55p, with a vpn towards a Cisco
allowing any traffic. The ftp security server is enabled for user
authentication, but the authentication is not used in this specific ftp
connection. Having the ftp security server however does result in check
point security server is intercepting all ftp connections and printing
the security server banner.
After having enabled SecureXL, ftp connections towards the vpn peer no
longer work. The connection is dropped on the VPN rule with the
following error "encryption fail reason: Packet is dropped because there
is no valid SA - please refer to solution sk19423 in SecureKnowledge
Database for more information". If we disable SecureXL by doing
"fwaccel off" the ftp connection works fine and the action is encrypt
rather then drop.
The only thing I could find is sk30417 which mentions an issue which was
fixed in a HFA but I don't see any proof of that in the release notes.
Regards,
Werner Brockhoven
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
