Re: [FW-1] URGENT - SecureClient Issue

[Ray [Permanent Link]]

I can't remember where it is right now in the global properties, but you 
need to make sure it's set to rematch the connections on policy install. If 
it's not keeping or rematching, you'll get dropped.
Keeping is a bad option. If an existing connection is now disallowed by the 
new security policy, the connection will remain active until it ends itself.
Ray


> From: Christopher McGill <christophermcgill2007 AT GOOGLEMAIL DOT COM>
> Reply-To: Mailing list for discussion of Firewall-1              
> <FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: [FW-1] URGENT - SecureClient Issue
> Date: Tue, 27 Mar 2007 10:59:53 +0100
>
> Hi,
>
>  I have setup a SecureClient RemoteAccess VPN to a customer's
> SMARTCenter/Enforcement Module (Stand-Alone Deployment), I am 
> authenticating
> myself with LDAP.  I am getting authenticated fine, able to ping a host in
> the VPN Domain.  I am trying to manage the enfrocement module, I can 
> connect
> with SMARTDashboard fine, but when I try to install the policy I am getting
> disconnected.  I have even tried install the current policy with no
> changes.  Here are my security policy and desktop security policy rules
> relating to this:
>
> VPN-Users    BELFAST_GW0023          Remote-AccessCommunity    Any   Accept
>                     VPN_Networks_Group
>
>
> Desktop Security Policy:
>
> Inbound:  None
>
> Outbound:
>
>  VPN-Users   BELFAST_GW0023 + VPN_Networks_Group  Any Encrypt
>
>
> The rulebase was not set to any, it limited protocol inbound, I set this to
> any troubleshoot.
>
> My understanding is this is all that should be needed, implied rules on the
> desktop security policy let traffic from the client pass.  And the  module
> is set to accept remote/checkpoint control connections.
>
>
> Any help would be great.  Thanks
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
_________________________________________________________________
Get a FREE Web site, company branded e-mail and more from Microsoft Office 
Live! http://clk.atdmt.com/MRT/go/mcrssaub0050001411mrt/direct/01/
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================