There has to be a way to set Secure Client to connect at a port (or ports)
other than port 80 and 443... That it requires those ports is pretty
stupid/irresponsible...
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM]
As said... it uses TCP/443 when you enable the feature called Visitor
Mode. You can choose to use UDP or TCP encapsulation and that would make
it work on other ports.
In any case, I don't see how using a well-used port would be
stupid/irresponsible.
On Wed, Sep 26, 2012 at 7:50 AM, Nathan
Because HTTP/HTTPS is used for web servers - almost exclusively. I can't believe
that I'm supporting the only company on Earth who uses Checkpoint at the edge
with web servers that need port 80 and 443 opened and NATed to them without the
FW intercepting that traffic for Remote VPN connectivity.
Well, usually the Firewall public IP is not used to statically NAT web
servers, so regularly this is not an issue... anyway.
I have mentioned already that you could try using something else like TCP
encapsulation, have you tried that??
So far you have not mentioned anything about the logs... have
Global Properties Remote Access VPN Auth and Encryp IKE over TCP
- here you enable support for TCP encapsulation on the gateway
Gateway Properties IPSec VPN Remote Access Support NAT Traversal
-- Here you enable support for a proprietary UDP Encapsulation on the
gateway.
Now, on the
All of that was already set (checked) and applied to the GW
On the Client (E75.20 is currently installed), what I see at the FW and other
logs I'm using to troubleshoot this is only HTTP/HTTPS connections and I can't
configure anything else because when I go to create a new site it fails and
The E7x clients do operate a bit differently than the older R60 IPSEC client, I
think the initial https connections from the client are for auth purposes, a
change from the older hybrid mode auth. Even though no longer supported can you
connect with the R60 client? Unless using visitor mode it