D'oh! That's exactly what was causing it. I didn't even realize that excluded services option was there, but when I checked snmp was listed plainly. Removing it and pushing policies to both firewalls resolved the problem.
Thanks for your help!

________________________________
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Mark Pays
Sent: Tuesday, July 06, 2004 8:53 AM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] SNMP not encrypting via Checkpoint VPN Tunnels.

Have you checked the properties of your VPN community? Edit your community and check the "excluded services". These are not encrypted. You may have checked already but I caught myself out this way recently.

-----Original Message-----
From: Shane Presley [mailto:[EMAIL PROTECTED]
Sent: 06 July 2004 14:28
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] SNMP not encrypting via Checkpoint VPN Tunnels.

Are you using VPN communities (Simplified), or manually defined VPN rules (Traditional)? If so, what does the encrypt rule look like?

Shane

On Fri, 2 Jul 2004 12:32:46 -0500, Jarmoc, Jeff <[EMAIL PROTECTED]> wrote:
> I have a situation where two firewalls are connected via a VPN tunnel.
> Traffic is flowing through the tunnel, except for SNMP. For some
> reason, the sending firewall is accepting SNMP, but not encrypting it.
> Here are some of the stats for the two firewalls;
>
> Firewall A (sending side)
> NG AI Hotfix .218 build 07
> IPSO 3.7 on an IP650
>
> Firewall B (receiving side)
> NG FP3 Build 53912
> IPSO 3.5.1-FCS3 on an IP330
>
> The sending firewall shows our SNMP packets being accepted but not
> encrypted. Other traffic with the same source and destination IPs is
> accepted on the same rule, but the other traffic is encrypted. This
> includes ping, http, telnet, dns, etc. I've searched the rulebase
> for anything handling SNMP differently and am not finding anything.
> Is there something within Checkpoint itself that causes SNMP traffic
> to be handled differently over VPN tunnels than other traffic?
>
> Thanks for your help.
>
> Jeff Jarmoc - CCSA, CCNA, MCSE
> Sr. Network Analyst - Grubb & Ellis
> 847.753.7617 - [EMAIL PROTECTED]
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
