Hi,

Following my earlier posting regarding DHCP, DSL and SecureClient I have just found that CP have recently released a new version of SecuRemote/SecureClient - build 4165 that runs with CP2000 SP2 - One of the new features allows DHCP even if the policy server is set to "ENCRYPT Only" - which will resolve my issue -- I've not had a chance to test yet but it looks very promising.

I don't know if there is anything new for other SR/SC users - if so please take a look, otherwise file this in the bit bucket!

Cheers
Tim

-----Original Message-----
From: Chilton Tim [mailto:[EMAIL PROTECTED]]
Sent: 24 August 2000 12:14
To: '[EMAIL PROTECTED]'
Subject: [FW1] SecureClient, DHCP and internal policy

Hi,

I'm having trouble getting my head around an interesting problem on FW1 with client based VPNs and DHCP on DSL and wondered if anyone had hit similar issues.

Platform CP2000, SP2 running on NT, SecureClient on client machines build 4157 -- not SecuRemote!

I am hoping to use DSL for many of the remote users - some with private DSL connections and have opted for SecureClient to enforce our internal security policy on all client machines (rejected SecuRemote since it doesn't enforce remote security), however this is preventing the DHCP services on the DSL modems from working.

Now I know that the security policy for remote users is derived from the internal security policy and that DHCP is similar to BOOTP (UDP ports 67 and 68) so I could just open these ports up but given that DHCP/BOOTP is broadcast based and the IP addresses provided by the various providers will be live addresses this will also open up broadcasts and/or two UDP ports on my internal systems -- which are not required.

How do I create a SecuRemote only rule to allow DHCP to function without lowering the internal security on my network -- sort of a

Source            Destination   Service      Action
SecuRemote User   any           DHCP/BOOTP   allow

Has anyone been here before or know of a work-around?

Advice would be welcome!
Cheers
Tim Chilton
mailto:[EMAIL PROTECTED]

************************************************************************
The information in this email is confidential and is intended solely for the addressee(s). Access to this email by anyone else is unauthorised. If you are not an intended recipient, you must not read, use or disseminate the information contained in the email. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of The Capital Markets Company.
http://www.capco.com
***********************************************************************

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
