Hi,
Could someone help me out please........
I'm currently running Checkpoint N.G FP2 and I've set up SecureClient using Connect & Office mode, thus logging into the policy server and receiving an internal DHCP address from within the encryption domain......
It was all working fine and then a couple of weeks ago, I started getting error messages, such as "Tunnel Test Failed", "Failed to logon to Policy Server" and "Logon to policy server failed". The SecureClient is no longer logging into the policy server, but the connection still succeeded. Users could still log in as if SecuRemote was running.........
If the enforcement module only has a route for the SC client internal IP address block, you may run into the "Tunnel test failed" problem. Please add a static route on the firewall that includes the DHCP address. This allows the firewall to know where to send the traffic when it receives an Office Mode connection.
Looking through the Checkpoint logs, I could see some dropped traffic with the error message saying "TCP Sequence Validator dropped packet with invalid ACK number".
Looking in the Global Properties under the Stateful Inspection tab and "TCP sequence verifier", the "Drop out of sequence packets" box is already checked. If I uncheck this box and push the policy out, users can now log into the policy server and download the policy, and everything works. When I check the box again, it all stops.
Currently, that is the only solution to fix the problem.
Does anyone have any ideas why this happened and how to fix this...... Also what's the impact if I leave this unchecked?
Cheers Kalpesh
"This email and any attachments is intended for the addressee only. It may contain confidential, proprietary or legally privileged information and any views or opinions presented are solely those of the author. If you are not the addressee you have received this e-mail in error. Please notify the sender by return e-mail and then destroy it. If you have received this e-mail in error, copying, printing, forwarding or dissemination of this e-mail is strictly prohibited. We virus scan all e-mails but are not responsible for any damage caused by a virus or alteration by a third party after it is sent.
Website: http://www.kingston.com/europe
Registered in England, No: 3643195 VAT No: GB 720 5258 60"
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
