Hi Joe,
The correct answer is for you to call Check Point and tell them you want hotfix SHF_FW1_R55_0123 for your gateway platform and you want it TODAY. It will install on top of HFA08. It does require a reboot of the gateway but it fixes the problem.
Tell them you cannot believe they just told you to roll back to a version and make yourself susceptible to the ASN.1 security problem.
If the end user's real IP changes over a short period of time, the problem occurs, such as dialing in, disconnecting and then dialing back in.
Ray
From: Joe Pope <[EMAIL PROTECTED]>
Reply-To: Mailing list for discussion of Firewall-1 <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [FW-1] Beware R55 HFA08!
Date: Thu, 12 Aug 2004 11:47:30 -0400

Warning if you use VPN with R55, especially SecuRemote/SecureClient!
After upgrading from HFA04 to HFA08 we started having decryption errors (VPN error code 03) with our SecureClient users. Somehow the logged IP address of the VPN Peer Gateway is getting changed (by the firewall) and then decryption fails. It does not affect all SecureClient users at the same time, and after a few hours the problem goes away! I checked my SecureClient while monitoring my firewall logs, and my SecureClient IP address was not being reported in the firewall logs correctly.
I submitted a trouble ticket with Check Point and they know about this problem, and they suggested I roll back to HFA04. They said HFA09 is supposed to fix this problem, but no word on when to expect this fix.
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================