Hi,
I hope this is an easy one and I'm just overlooking something.
I have a SecuRemote client configured and it can fetch the topology of
the encryption domain.
In my experimental rulebase I have two rules:
securemote-test@any  any             HTTP->CVP-Resource  client-encrypt
securemote-test@any  encryption-dom  telnet              client-encrypt
The first rule enables the client to set the firewall up as its
http-proxy and thus use the CVP server for content security. This
works fine.
The second rule should allow telnet access to one host behind the
firewall. This host, pluto, has a 192.168. range address and static
NAT to an official address. Both addresses appear in the userc.c files.
Now, when I try to telnet to pluto, regardless of which address is used, I
can see the following in the firewall log file:
Action     Service  Source         Destination  Rule  User
authcrypt           62.124.21.165               1     test
authcrypt           62.124.21.165               2     test
drop       telnet   62.124.21.165  pluto        25
Rule 25 is the last drop all rule.
According to the "manual" rule 2 should be enough to enable the telnet
access from the authorized client to pluto.
What am I missing here???
Any comments and hints and of course solutions :-) are highly
appreciated.
Kind regards,
Jörg
// pallas GmbH ............ Joerg Oertel ...........
Hermuelheimer Str. 10 System engineer
D-50321 Bruehl, Germany [EMAIL PROTECTED]
phone +49-(0)2232-1896-0
http://www.pallas.de fax +49-(0)2232-1896-29
........................................................