There has to be a way to set Secure Client to connect at a port (or ports) 
other than port 80 and 443... That it requires those ports is pretty 
stupid/irresponsible...

-----Original Message-----
From: Mailing list for discussion of Firewall-1 
[mailto:FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM] On Behalf Of Sergio Alvarez
Sent: Monday, September 24, 2012 11:23 AM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Setup of Remote VPN on R75+

AFAIK, you need TCP/443 when you enable "visitor mode", which basically makes 
the clients establish an SSL connection first and encapsulates an IPSec inside 
that.
It is meant to avoid connectivity issues for users located on public sites, 
where only http/https is allowed to restrict Internet use to browsing only.
I would say, try other "advanced connectivity" features, such as TCP 
encapsulation.

On Mon, Sep 24, 2012 at 10:08 AM, Nathan Hawkins <na...@thfcom.com> wrote:

> > "fw ctl zdebug drop" displays ALL drops...I need a way to further
> > filter out the drops because there's too many drops to see the
> > one(s) I want.
> fw ctl zdebug drop  | grep myipaddress
> > In the global properties there is no specific "IKE" property. All
> > control connections are allowed First.
> >
> > Well, you use "client encrypt" in the action column in order to
> > make remote access work...what do you suggest?
> set the user@at in the source, then restrict rule to apply only on 
> remoteaccess community.
> (but it requires the policy to be moved to simplified mode).
>
> I think I read somewhere that Secure Client/Remote requires port 443 
> to be open on the firewall...which I don't understand why that would 
> be a requirement when HTTPS is necessary for web server 
> applications...anyway...is there a way to make Secure Client/Remote 
> connect at a different port (I suspect so - how do you do so)?
>
> I don't like simplified mode...so how do you configure the rule policy 
> for secure remote connections for traditional mode?
