I have problems using SecuRemote. I'm using FW-1 4.1 with SP1 build 41603 and
SecuRemote 4.1 SP1 DES build 4153. I think that I configured everything, but I
don't know if I missed something. I defined an object for the FW with the
external IP address, then created a group that will be the domain for
encryption, and in that group I put the object of the FW and an object for my
internal network. I marked in the FW object the check box that says Exportable
for SecuRemote. I'm using the FWZ encryption scheme, I generated the key manager
and the DH key, and checked the option of encapsulation. Lastly, I put in a rule
that allows a group of users to use the pop-3 service on one of my mail
servers, and the rule looks like this:

source     destination            service   action
xxx@any    Domain_Encript_Group   pop-3     client-encrypt

In the process of making all this work, I noticed that the SecuRemote client
can get the keys from the FW and gets no error at that point, but when I try
to use the pop-3 service the FW rejects it. Then I put in a rule that allows the
pop-3 traffic from any to the mail server, and then the encryption started to
work, but the rule that allows the traffic is the second rule. So my rule base
now looks like:

source     destination            service   action
xxx@any    Domain_Encript_Group   pop-3     client-encrypt
any        Mail_server            pop-3     accept

All the traffic is encrypted. I noticed that because the log of the FW shows
entries that say that the machine with SecuRemote is being decrypted and
allowed to go to the mail server. The user that I'm using to authenticate also
appears there, but in the rule field the second rule appears. What could
be the problem? Because if I disable the second rule, the traffic starts to get
rejected. Thanks to all for your help!!!