please check if you have checked "enable back connections" in the global properties -> remote access
cheers reinhard
At 01:09 06.05.2004, you wrote:
Make sure you have an inbound rule on the desktop policy that allows the encryption domain to connect to the remote access users group. I didn't add any NAT rules and I routinely ping our Office Mode IP pool to see who is conencted. We also use NetMeeting for desktop remote support.
Ray
From: Geoff Brisbine <[EMAIL PROTECTED]> Reply-To: Mailing list for discussion of Firewall-1 <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: [FW-1] SecureClient and Back Connections Date: Wed, 5 May 2004 14:09:11 -0500
Heh...
I was just on with HP support for our Check Point and they mentioned off-hand something about the only way that Back Connections with is with office mode.
I just tried to ping an office mode machine, with the office mode client's security policy disabled, and it worked just fine. Once I re-enabled the client security policy I could only access it per the security policy rules.
If you setup office mode, you may want to setup a couple NAT rules so it doesn't NAT traffic between your internal network and the office mode network.
Good luck!
Geoff
-----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Neil Kemp Sent: Wednesday, May 05, 2004 6:44 AM To: [EMAIL PROTECTED] Subject: [FW-1] SecureClient and Back Connections
Good afternoon. I am working on site at the moment configuring SecureClient for a customer.
It is all working, no problems. What the customer would like to do is to allow connections from within the encryption domain out to the connected SecureClients for support matters, remote control etc.
I have enabled back connections form within the global policy. What else do I need to perform in order to get this working ? A ping will do for the time being.
Any help would be appreciated.
Thanks.
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
_________________________________________________________________ Express yourself with the new version of MSN Messenger! Download today - it's FREE! http://messenger.msn.com/go/onm00200471ave/direct/01/
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
-- Reinhard Stich ASSIST [EMAIL PROTECTED] Internet Security AG, 1150 Wien, Johnstrasse 29 Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
