We're not getting any complaints about Visitor Mode disconnects, but we
discourage it unless needed. The double encryption-decryption puts a
definite strain on lower end computers, like those below 1 GHz. On a 500 MHz
P-III, Visitor Mode has a response that's only slightly better that dial-up.
Yes, we are using compression, but straight IPSec doesn't have the issue.
Ray
From: "Jeanne MAILLARD" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: CheckPoint Visitor Mode
Date: Tue, 31 Aug 2004 15:27:45 +0200
Hello !
Maybe can you help me too...
It's about disconnections when using Visitor Mode. Have you heard about
this problem ?
Thanks for your help,
Jeanne
----- Réacheminé par Jeanne MAILLARD/France/Transiciel le 31/08/2004 15:22
-----
Jeanne
MAILLARD Pour : [EMAIL PROTECTED]
cc :
31/08/2004 Objet : CheckPoint Visitor
Mode
15:09
Hello,
I try to contact you thanks to the fw-1 mailing list.
I've seen the message you've posted few months ago concerning Visitor Mode
(see the copy of the text at the end of the mail).
If you have a free moment, would you help me please ?
I installed a SecureClient which can connect my VPN gateway
(SecurePlateform) without any problem : everything goes well. I use Visitor
Mode.
As you have already noticed, there are frequent deconnections. I asked my
ISP whether there is a transparent proxy and the ISP answered yes.
Did you have time to think about the problem ?
Are the deconnections induced by the transparent proxy ? I can't find
informations on the knowledge base (SecureKnowledge)...
I hope you will have time to answer my question.
Thank you in advance.
Sincerely,
Jeanne.
http://www.mail-archive.com/[EMAIL PROTECTED]/msg05886.html
Re: [FW-1] Office Mode (regular VPN) vs. Visitor Mode (TCP Tunneling)
From: Markus Hofbauer
Subject: Re: [FW-1] Office Mode (regular VPN) vs. Visitor Mode (TCP
Tunneling)
Date: Tue, 16 Mar 2004 06:09:22 -0800
I noticed that the client gets frequently disconnected when using Visitor
Mode... never took the time to debug the reason. But I'm pretty sure it's
not because of a bad ISP connectivity from the client.
/Markus
At 13:42 16.03.2004, you wrote:
>Is there any reason that I shouldn't make Visitor Mode my default for my
SecurClient
>users?
>
>If visitor mode encapsulates everything through TCP 443, therefore
making
it easier
>for my users to connect from various places, why wouldn't I just make it
the
>'standard'?
>
>What's the downside?
>
Markus Hofbauer, IT-Service / Security
Bacher Systems EDV GmbH, Wienerbergstr. 11B, A-1101 Wien, Austria
phone: +43 (1) 60 126-34 | fax: +43 (1) 60 126-4
e-mail: [EMAIL PROTECTED] | web: www.bacher.at
Jeanne Maillard
-=-=-=-=-=-=-=-=-
TRANSICIEL European Security Expertise Center
Apprentie DESS Systèmes de Télécoms & Réseaux
Tél. +33 (0)5 61 30 60 24
Mobile +33 (0)6 68 53 88 02
E-mail : [EMAIL PROTECTED]
http://www.transiciel.com
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================