hi,
what's your problem? office-mode config in R65 is really similar to
R60/R61/R62
br
reinhard
Hi Guys,
Does anyone have any idea on how to config office mode for R65?
It is not the same as R61 anymore and I am confused.
Thankx in advance.
Bill
-
Hi Guys,
Does anyone have any idea on how to config office mode for R65?
It is not the same as R61 anymore and I am confused.
Thankx in advance.
Bill
-
Never miss a thing. Make Yahoo your homepage.
Scanned by Check Point Total Security Gateway.
Bill Smith wrote / napísal(a):
Hi Guys,
Does anyone have any idea on how to config office mode for R65?
It is not the same as R61 anymore and I am confused.
Thankx in advance.
Bill
I think in documentation for R65 is good description.
Scanned by Check Point Total Security Gateway.
Bill Smith wrote:
Hi Guys,
Does anyone have any idea on how to config office mode for R65?
It is not the same as R61 anymore and I am confused.
are you sure ? it's the same from R60 onwards. it's even simmilar to R55.
Scanned by Check Point Total Security Gateway.
to the router.
Ray
Date: Fri, 21 Dec 2007 09:29:05 +0100
From: [EMAIL PROTECTED]
Subject: [FW-1] AW: [FW-1] Office-Mode egress filtering
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Ray, Reinhard,
thanks for your replies!
Ray,
Since you can use any IP range at all for Office Mode, it would
-
Von: Mailing list for discussion of Firewall-1 [mailto:FW-1-
[EMAIL PROTECTED] Im Auftrag von Ray
Gesendet: Freitag, 21. Dezember 2007 18:42
An: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Betreff: Re: [FW-1] AW: [FW-1] Office-Mode egress filtering
You're asking for the firewall to route
Hello List,
when defining office mode to hand out IP addresses to SecureClient users,
Check Point will happily route traffic from the internal LAN to addresses in
the office mode range to its default gateway if the target IP of office mode
isn't handed out to a user.
Does anyone have a good
Since you can use any IP range at all for Office Mode, it would be tough. Why
is this an issue?
Ray
Date: Thu, 20 Dec 2007 17:00:25 +0100
From: [EMAIL PROTECTED]
Subject: [FW-1] Office-Mode egress filtering
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Hello List,
when defining
IP range at all for Office
Mode, it would be tough. Why is this an issue?
Ray
Date: Thu, 20 Dec 2007 17:00:25 +0100
From: [EMAIL PROTECTED]
Subject: [FW-1] Office-Mode egress filtering
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Hello List,
when defining office mode to hand out IP
Hi,
We have a NGR62 on Nokia...and securecleint users 300+ setup on office mode
Very frequently our users have problems connecting with the below error in
the logs
Encryption fail reason Packet is *from* a *Physical* *IP* address but
Office mode is active
Checkpoint Sk searches and solutions
-Ursprüngliche Nachricht-
Von: john maverick
Gesendet: 18.08.2007 10:26:36
An: john maverick;FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Betreff: [FW-1] Office mode problems galore
Hi,
We have a NGR62 on Nokia...and securecleint users 300+ setup on office mode
Very frequently our users
On Sat, 18 Aug 2007, john maverick wrote:
We have a NGR62 on Nokia...and securecleint users 300+ setup on office mode
Very frequently our users have problems connecting with the below error in
the logs
Encryption fail reason Packet is *from* a *Physical* *IP* address but
Office mode is active
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Office mode problems galore
Date: Sat, 18 Aug 2007 13:49:39 +0530
Hi,
We have a NGR62 on Nokia...and securecleint users 300+ setup on office mode
Very frequently our users have problems
Thanks for all the replies, I've managed to get NAT working on the VMware's,
this definitely simplifies things (I hope it won't be too difficult to
implement).
My one remaining question is on product selection / pricing:
-Can I buy a self-managed VPN-1 edge with Office Mode, without a
@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Office Mode and Vmware machines with local IP
addresses
Thanks for all the replies, I've managed to get NAT working on the
VMware's,
this definitely simplifies things (I hope it won't be too difficult to
implement).
My one remaining question is on product
-
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On
Behalf Of Gary Scott
Sent: Thursday, November 30, 2006 3:36 PM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Office Mode and Vmware machines with local IP addresses
Yes. You can do OM on a self
Hi everyone,
I have an unusual setup in one of our branch offices, and I can't figure out
whether Check Point's VPN gateway will work for me.
The entire office is NAT'ed behind a local Linux Firewall right now (
192.168.x.x).
There are multiple servers internally that all have local IP address (
Subject: [FW-1] Office Mode and Vmware machines with local IP addresses
Hi everyone,
I have an unusual setup in one of our branch offices, and I can't figure out
whether Check Point's VPN gateway will work for me.
The entire office is NAT'ed behind a local Linux Firewall right now (
192.168.x.x
compared to vpn-1.
Lars
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf
Of Jaja Banks
Sent: 29. november 2006 22:25
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Office Mode and Vmware machines with local IP
: Wednesday, November 29, 2006 5:43:44 PM
Subject: Re: [FW-1] Office Mode and Vmware machines with local IP addresses
If I am reading this right, the biggest problem I see with your scenario is the
fact that every VM has
its own IP on the network. This means that logically they are directly
connected
Morning all.
I have customer with a clustered (VRRP) NG R55 solution. They have the
need to supply a particular group of users with an internal IP address
through office mode, plus registering those details in the internal DNS
servers.
This renders the manual method useless, and we have
Also, forgot to mention, what would stop the internal machines grabbing a
DHCP address from the additional range rather than their internal range ?
On 31/08/06, Neil Kemp [EMAIL PROTECTED] wrote:
Good afternoon all.
I have a quick question, having never done this before with DHCP. I have a
Good afternoon all.
I have a quick question, having never done this before with DHCP. I have a
customer with an NG R55 firewall, with an internal subnet and several
SecureClient remote users. They want to be able to assign the remote users
IP addresses from the Internal DHCP Server.
My question
Good Morning,
does anyone know if I just wanted to assign the WINS and DNS servers, and
not assign IP addresses from a pool but maintain the clients existing IP
address - would this work ?
Thanks.
=
To set vacation, Out-Of-Office, or away
Sure you could use the dnsinfo.c file to pass DNS and some Microsoft
Networking information. If you can just get by with DNS you can use a
Securemote DNS server.
On 5/15/06, Neil Kemp [EMAIL PROTECTED] wrote:
Good Morning,
does anyone know if I just wanted to assign the WINS and DNS
of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
03/24/05 07:13 PM
Please respond to Mailing list for discussion of Firewall-1
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
cc:
Subject:Re: [FW-1] Office Mode in SecuRemote mode?
Is it possible
client software
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Manjula
Kularathne
Sent: Tuesday, February 28, 2006 7:24 AM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Office Mode IP Address Assignment
My
Good Afternoon
I have heard that if you install SecureClient and authenticate against a CP
Firewall without the SecureClient licence installed, you can still make use
of the Office Mode IP address assignment - does anyone have experience of
this ?
Thanks
PROTECTED] On Behalf Of Neil
Kemp
Sent: Monday, February 27, 2006 8:45 AM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Office Mode IP Address Assignment
Good Afternoon
I have heard that if you install SecureClient and authenticate against a
CP
Firewall without the SecureClient licence
Solutions, an ASC Company
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Neil
Kemp
Sent: Monday, February 27, 2006 8:45 AM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Office
: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Neil
Kemp
Sent: Monday, February 27, 2006 8:45 AM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Office Mode IP Address Assignment
Good Afternoon
I have heard that if you install SecureClient
February 2006 5:51 AM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Office Mode IP Address Assignment
I would have to respectfully disagree with this latest statement. I do
not
have a SecureClient license and have Office Mode enabled. My users are
running the R56 - Build 619
to schedule. --Dan Fylstra
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf
Of East, Bill
Sent: Thursday, November 03, 2005 3:46 PM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Office Mode SecureClient
-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Office Mode SecureClient
Does your firewall object have the external IP or the
internal IP? It has to be the external IP.
If it works with hub mode, that tells me it's a routing
issue. SecureClient doesn't know how to find the policy
@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Office Mode SecureClient
Date: Wed, 12 Oct 2005 12:41:05 +0200
Hi Ray,
Does your firewall object have the external IP or
the internal IP? It has to be the external IP.
Yes, my firewall object has the external IP.
If it works with hub mode, that tells me it's
@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Office Mode SecureClient
Date: Tue, 11 Oct 2005 11:45:06 +0200
May any one please give me the steps to configure
Office Mode-IP POOL on SecureClient R55?
I tried to follow steps described on VPN-1 guide
but I
still have problems (my SecureClient
: [FW-1] Office Mode SecureClient
Hi Bill,
This means that the POOL network object (internal
addresses that will be affected to remote clients)
is located in a group that is defined as VPN domain.
--- Bill Smith [EMAIL PROTECTED] a écrit :
Hi there,
what do you mean by network
PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Office Mode SecureClient
Date: Tue, 11 Oct 2005 11:45:06 +0200
May any one please give me the steps to configure
-
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On
Behalf Of cp user
Sent: Saturday, October 08, 2005 5:46 PM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Office Mode SecureClient
Hi Bill,
This means that the POOL network object (internal addresses
please?
-Original Message-
From: Sahli, Mike [mailto:[EMAIL PROTECTED]
Sent: Jueves, 06 de Octubre de 2005 07:42 a.m.
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Office Mode SecureClient
Your problem is probably address spoofing check
your logs
domain but the problem is still here!! what may I do
please?
-Original Message-
From: Sahli, Mike [mailto:[EMAIL PROTECTED]
Sent: Jueves, 06 de Octubre de 2005 07:42 a.m.
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Office Mode SecureClient
Your
spoofing.
-Original Message-
From: Sahli, Mike [mailto:[EMAIL PROTECTED]
Sent: Jueves, 06 de Octubre de 2005 07:42 a.m.
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Office Mode SecureClient
Your problem is probably address spoofing check
your logs for all
Hi list,
I configured Office Mode with IP Pool on the gateway
side.
Once I check Support Office Mode on my SecureClient,
it can no longer logon to policy server and download
policy. The Connect returnes:
Connecting to gateway...
Negociation succeeded, tunnel test failed
Connected to
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Office Mode SecureClient
Hi list,
I configured Office Mode with IP Pool on the gateway
side.
Once I check Support Office Mode on my SecureClient,
it can no longer logon to policy server and download
policy. The Connect returnes
: [FW-1] Office Mode SecureClient
Your problem is probably address spoofing check your logs for all traffic
coming in from a known client that is failing.
Michael D Sahli
Sr. Network Engineer
Lockheed Martin IT @ SMECO
-Original Message-
From: cp user [mailto:[EMAIL PROTECTED]
Sent
PROTECTED]
Sent: Jueves, 06 de Octubre de 2005 07:42 a.m.
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Office Mode SecureClient
Your problem is probably address spoofing check
your logs for all traffic coming in from a known
client that is failing.
Michael D Sahli
PROTECTED] On
Behalf Of Eric
Janz
Sent: vrijdag 10 juni 2005 16:23
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Office mode DHCP problem with Secure Client
Hi,
we setup Ofice mode with DHCP these days with also a lot of problems. Our
problems were due to that we thought
We noticed that new installations of Secure client aren't getting an ip
address, while working in office mode.
Normally when a SecureClient sets up a connection with our Firewall, it is
supplied with an IP adres from our DHCP
server.
However when a system has a new installation of
Hi,
we setup Ofice mode with DHCP these days with also a lot of problems. Our
problems were due to that we thought that the vpn macutil command needs
just the username but it did not work (we got wrong mac's) until we used
the FQUS (i.e. CN=username,C=users,O=gateway). Well, we are using
of Firewall-1
[mailto:[EMAIL PROTECTED] Ray
Verzonden: dinsdag 12 april 2005 0:30
Aan: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Onderwerp: Re: [FW-1] Office Mode IP assignment
Hi,
Are you certain? I understand what you're saying but that
contradicts the
docs.
Ray
From: Dion-ben Hendriks
-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Office Mode IP assignment
Date: Tue, 12 Apr 2005 09:17:49 +0200
Ray,
are you confusing Use IP Pool NAT for VPN Clients connections in the NAT
tab
Mode IP assignment
Date: Mon, 11 Apr 2005 06:54:12 +0200
-Oorspronkelijk bericht-
Van: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] Ray
Verzonden: zondag 10 april 2005 20:32
Aan: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Onderwerp: Re: [FW-1] Office Mode IP
-Oorspronkelijk bericht-
Van: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] Ray
Verzonden: zondag 10 april 2005 20:32
Aan: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Onderwerp: Re: [FW-1] Office Mode IP assignment
[snip % \]
Whatever IP range you assign
@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Office Mode IP assignment
I saw some posts on this, and I have this question: Is there a way to
allocate a subset of our internal class C subnet for Office mode client
use? I.e., we have a class C subnet x.y.z.0 and we want to use say,
x.y.z.101 through 110
-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Office Mode IP assignment
I saw some posts on this, and I have this question: Is there a way to
allocate a subset of our internal class C subnet for Office mode client
use? I.e., we have a class C subnet x.y.z.0 and we want to use say,
x.y.z.101
: [FW-1] Office Mode IP assignment
I saw some posts on this, and I have this question: Is there a way to
allocate a subset of our internal class C subnet for Office mode client
use? I.e., we have a class C subnet x.y.z.0 and we want to use say,
x.y.z.101 through 110 for the Office mode clients. We
I saw some posts on this, and I have this question: Is there a way to
allocate a subset of our internal class C subnet for Office mode client
use? I.e., we have a class C subnet x.y.z.0 and we want to use say,
x.y.z.101 through 110 for the Office mode clients. We just tried this
with our
[mailto:[EMAIL PROTECTED] On Behalf Of David
Strom
Sent: Thursday, April 07, 2005 4:11 PM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Office Mode IP assignment
I saw some posts on this, and I have this question: Is there a way to
allocate a subset of our internal class C subnet
that holds the Virtual MAC address or
you will have Office Mode problems.
Ray
From: Gerson Levitz [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Office Mode IP
Hi all,
I have office mode working with manual assignment which is working fine.
I recently had the need to provide a small group of users with
addresses from a different range.
I modified the ipassignment.conf file as required. (At first the range
for the group only had two addresses.)
When I
Office Mode problems.
Ray
From: Gerson Levitz [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Office Mode IP assignment (ipassignment.conf)
Date: Thu, 31 Mar 2005 09:56:38
-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Cc:
Subject: Re: [FW-1] Office Mode in SecuRemote mode?
OK, Thanks for the quick reply!
Are you saying that if I install Secure Client and Enable Office
Mode... yet I don't any Secure Client Licenses... it will just
http://oldfaq.phoneboy.com/gurus/200311/msg00030.html
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Nick
Rawlins
Sent: Thursday, March 24, 2005 9:28 AM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Office Mode
Office mode is available only in SecureClinet as one of its paid featurs.
Milon
On Thursday 24 of March 2005 16:27, Nick Rawlins wrote:
Hi All,
Is it possible to select office mode in SecuRemote mode and *not* Secure
Client?
Everytime I check the checkbox in SecuRemote mode it
OK, Thanks for the quick reply!
Are you saying that if I install Secure Client and Enable Office
Mode... yet I don't any Secure Client Licenses... it will just work as
SecuRemote ??
Many Thanks,
Nick
On Thu, 24 Mar 2005 12:13:56 -0500, Thorsten Behrens
[EMAIL PROTECTED] wrote:
Is it
I upgraded my SC installation from R56 HFA01 to HFA02 and immediately began
having problems with Office Mode. Specifically, it's not working any more.
The Status dialog shows ip assignment failed and an ipconfig /all
doesn't show the virtual adapter at all. I tried rebinding the adapter to no
Hi
FW1 NG FP2, Solaris 8, SecuRemote/SecureClient R56
I have SecuRemote users that are behind Linksys NAT
routers and cable modems connecting to FW1. I'm having
trouble with duplicate private IP's used on clients
connecting from different NAT routers. I believe
office mode is supposed to help
To: [EMAIL PROTECTED]
Subject: [FW-1] Office Mode with SecuRemote?
Hi
FW1 NG FP2, Solaris 8, SecuRemote/SecureClient R56
I have SecuRemote users that are behind Linksys NAT
routers and cable modems connecting to FW1. I'm having
trouble with duplicate private IP's used on clients
connecting from
-
De: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] En nombre de Tech
Enviado el: Miércoles, 22 de Septiembre de 2004 03:40 p.m.
Para: [EMAIL PROTECTED]
Asunto: [FW-1] Office Mode with SecuRemote?
Hi
FW1 NG FP2, Solaris 8, SecuRemote/SecureClient R56
I have SecuRemote
licenses for Office Mode. Your problem is
one
of the main reasons we bought SecureClient and it definitely fixes the
issue.
Ray
From: Tech [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Office Mode with SecuRemote?
Date
I believe SecureClient requires a paid-for license regardless of whether
Check Point is enforcing it technically or not.
Ray
From: Ramakrishnan Pillai [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Office Mode
Hi ALL,
We have installed Checkpoint NG FP2 and configured it in office mode for remote users
to access internal resources through the checkpoint gateway using Ip Sec. For this i
used the guide prepared by checkpoint titled How to configure SecureClient, Office
Mode, Certificates, and Remote
Hi,
I was wondering if there is a kind soul who can help me out on this
I have the document given by checkpoint for reference if anybody is willing to help
-siva
Bob [EMAIL PROTECTED] wrote:
Hi ALL,
We have installed Checkpoint NG FP2 and configured it in office mode for
-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Ray
Sent: Monday, August 02, 2004 8:43 PM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Office mode
Office Mode IP Pools CANNOT be part of the subnet of your internal networks,
however with the later versions of AI
, the Office Mode IP
address will get dropped as a spoof. Check Point claims this is a feature
and not a bug. :-)
Ray
From: Fabian Tuender [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Office mode
Date: Tue, 3 Aug 2004
Goodevening,
I hope someone can clear a problem for me. We need to use office mode to
assign ip address to clients. Without office mode everything works fine, I
can get a connection with a secureremote client to our firewall and ping any
address behind it and all trafic passes trough without
feature and does not work with SecuRemote.
If you change the Office Mode IP Pool range, I believe you have to reboot
thegateway as well.
Ray
From: Fabian Tuender [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Office mode
Hi,
I tried to use SecureClient with Office Mode.
The Connection is established an i get 192.168.0.138 from DHCP but i cant
ping any internal host.
Tcpdump on the internal firewall interface shows, that the request is going
out but there is no answer to the ARP request.
17:10:46.250991
We need to be able to initiate a SecureClient Office Mode connection from
within the VPN Domain for a couple of reasons. The first is initial setup of
a computer. A second is allowing access to the firewall from an unknown IP
address.
I have the ipassignment.conf file in R55 HFA06 set up to always
perform the syntax check on the
management server.
Ray
From: RISPAL Yannick - NTR ( [EMAIL PROTECTED] )
[EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Office mode, ipassignment.conf and radius
authentication.
Date
-specific command, but I think
we both now know why they added it. :-)
Ray
From: RISPAL Yannick - NTR ( [EMAIL PROTECTED] )
[EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Office mode, ipassignment.conf and radius
Dear all,
I've put in place a firewall module with VPN-1 and Policy server NGAI
(R54). My SmartConsole is also with version R54. There is also a radius
server with steel-belted radius v4.0. My secureclient is a R54 release.
I use some users created in the smartconsole database with radius
PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Office mode, ipassignment.conf and radius authentication.
Date: Thu, 22 Apr 2004 11:47:41 +0200
Dear all,
I've put in place a firewall module with VPN-1 and Policy server NGAI
Is there any reason that I shouldn't make Visitor Mode my default for my SecurClient
users?
If visitor mode encapsulates everything through TCP 443, therefore making it easier
for my users to connect from various places, why wouldn't I just make it the
'standard'?
What's the downside?
hi,
visitor-mode uses http-port for the VPN.
disavantage: TCP is slower than UDP (more header-info), if you have a
transparent http-proxy you will have problems with visitor mode.
cheers
reinhard
At 13:42 16.03.2004, you wrote:
Is there any reason that I shouldn't make Visitor Mode my default
Is there any reason that I shouldn't make Visitor Mode my
default for my SecurClient users?
If visitor mode encapsulates everything through TCP 443,
therefore making it easier for my users to connect from
various places, why wouldn't I just make it the 'standard'?
What's the downside?
I noticed that the client gets frequently disconnected when using Visitor
Mode... never took the time to debug the reason. But I'm pretty sure it's
not because of a bad ISP connectivity from the client.
/Markus
At 13:42 16.03.2004, you wrote:
Is there any reason that I shouldn't make Visitor
: Friday, February 27, 2004 5:26 PM
Subject: [FW-1] Office Mode Secure Client - restricting source IP address
Sorry for the long post...
Is it possible to restrict the source IP address for an Office Mode Secure
Client VPN connection? I'm able to do this for Transparent Mode Secure
Client
-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] Behalf Of Russell
Aspinwall
Sent: mercredi, 28. janvier 2004 15:31
To: [EMAIL PROTECTED]
Subject: [FW-1] Office Mode SecureClient
Hi,
I am just going though the VPN-1 documentation, in particular SecureClient
Office Mode
Of Russell
Aspinwall
Sent: mercredi, 28. janvier 2004 15:31
To: [EMAIL PROTECTED]
Subject: [FW-1] Office Mode SecureClient
Hi,
I am just going though the VPN-1 documentation, in particular SecureClient
Office Mode.
Given the scenario where SecureClient users use the same IP address in
Office as well
]
Sent: Thursday, January 29, 2004 10:52 AM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Office Mode SecureClient
How do you route through the gateway, if your users have tha
same IP address as on the internal LAN?
Christian ALT
Telecom and Logsitics Associates
Network and Security Company
Hi,
I am just going though the VPN-1 documentation, in particular SecureClient Office Mode.
Given the scenario where SecureClient users use the same IP address in Office as well
as at home
(they have routers which are configured with the same internal net). Can Office Mode
be made to work
so
PROTECTED]
Subject: [FW-1] Office Mode fails to connect
Greetings all -
I have an NG2 firewall n a Nokia IP440 running, and the SecureRemote clients
work fine. I purchased the requisite SecureClient licenses, but have yet to
be able to get this to work.
Here is the situation: I have a firewall
Greetings all -
I have an NG2 firewall n a Nokia IP440 running, and the SecureRemote clients
work fine. I purchased the requisite SecureClient licenses, but have yet to
be able to get this to work.
Here is the situation: I have a firewall, with a 10.0.0.0/8 network on the
inside, connected to
problem:
NG FP3 HFA 308
secureclient fp3 hf-1 build 53515
ip pool: 172.16.63.128 255.255.255.192 (!!)
client connects, gets 172.16.63.129 BUT 255.255.255.0
tested under Win2K and WinXP
anyone can say something about it?
reproduced? bug? config?
greez
--
Rainer Orsario, IT-Service / Security
Neil De La Cruz, CISSP
561-994-1900 x359
-Original Message-
From: De La Cruz, Neil [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 03, 2003 10:20 AM
To: [EMAIL PROTECTED]
Subject: [FW-1] Office Mode Issue
Hi,
Any input for the following situation would be greatly appreciated.
My
Hi,
Any input for the following situation would be greatly appreciated.
My platform is IP350 running NG FP2. I use Traditional Mode policies and
Client-Encrypt rules. The global property Enable decryption on accept is
not checked.
I have two groups of SecureClient users: Employees and
I've been building a test environment to replicate a clients Secure
Client problem with Office Mode. Having successfully configured Secure
Client without Office Mode, they wanted to enable the feature to simplify
their WAN routing problems for remote clients.
The problem they experience is that
Try giving the Address pool for Office mode strange and not at all related
to your setup , since the firewall thinks it is from the same subnet.
Bala
-Original Message-
From: Can2002 [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 01, 2003 1:08 AM
To: [EMAIL PROTECTED]
Subject: [FW-1
99 matches
Mail list logo
