We're not getting any complaints about Visitor Mode disconnects, but we discourage it unless needed. The double encryption-decryption puts a definite strain on lower end computers, like those below 1 GHz. On a 500 MHz P-III, Visitor Mode has a response that's only slightly better that dial-up. Yes, we are using compression, but straight IPSec doesn't have the issue.
Ray
From: "Jeanne MAILLARD" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: CheckPoint Visitor Mode Date: Tue, 31 Aug 2004 15:27:45 +0200
Hello ! Maybe can you help me too... It's about disconnections when using Visitor Mode. Have you heard about this problem ? Thanks for your help, Jeanne
----- Réacheminé par Jeanne MAILLARD/France/Transiciel le 31/08/2004 15:22 -----
Jeanne MAILLARD Pour : [EMAIL PROTECTED] cc : 31/08/2004 Objet : CheckPoint Visitor Mode 15:09
Hello,
I try to contact you thanks to the fw-1 mailing list. I've seen the message you've posted few months ago concerning Visitor Mode (see the copy of the text at the end of the mail). If you have a free moment, would you help me please ? I installed a SecureClient which can connect my VPN gateway (SecurePlateform) without any problem : everything goes well. I use Visitor Mode. As you have already noticed, there are frequent deconnections. I asked my ISP whether there is a transparent proxy and the ISP answered yes. Did you have time to think about the problem ? Are the deconnections induced by the transparent proxy ? I can't find informations on the knowledge base (SecureKnowledge)...
I hope you will have time to answer my question. Thank you in advance.
Sincerely, Jeanne.
http://www.mail-archive.com/[EMAIL PROTECTED]/msg05886.html
Re: [FW-1] Office Mode (regular VPN) vs. Visitor Mode (TCP Tunneling) From: Markus Hofbauer Subject: Re: [FW-1] Office Mode (regular VPN) vs. Visitor Mode (TCP Tunneling) Date: Tue, 16 Mar 2004 06:09:22 -0800
I noticed that the client gets frequently disconnected when using Visitor Mode... never took the time to debug the reason. But I'm pretty sure it's not because of a bad ISP connectivity from the client.
/Markus
At 13:42 16.03.2004, you wrote: >Is there any reason that I shouldn't make Visitor Mode my default for my SecurClient >users? > >If visitor mode encapsulates everything through TCP 443, therefore making it easier >for my users to connect from various places, why wouldn't I just make it the >'standard'? > >What's the downside? > Markus Hofbauer, IT-Service / Security Bacher Systems EDV GmbH, Wienerbergstr. 11B, A-1101 Wien, Austria phone: +43 (1) 60 126-34 | fax: +43 (1) 60 126-4 e-mail: [EMAIL PROTECTED] | web: www.bacher.at
Jeanne Maillard -=-=-=-=-=-=-=-=- TRANSICIEL European Security Expertise Center Apprentie DESS Systèmes de Télécoms & Réseaux Tél. +33 (0)5 61 30 60 24 Mobile +33 (0)6 68 53 88 02 E-mail : [EMAIL PROTECTED] http://www.transiciel.com
_________________________________________________________________ Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
