Yeah, we have that checked for the VPN. I have a ticket open with checkpoint Maybe they will be able to shed some light. Thanks though.
stew -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Ray Sent: Friday, September 24, 2004 8:33 PM To: [EMAIL PROTECTED] Subject: Re: [FW-1] Citrix through Edge VPN Well, live and learn. Thanks for the clarification. Do you mean the "accept all encrypted traffic" check box? I've never used that for some reason, but I ferget why. Ray >From: Stewart Williams <[EMAIL PROTECTED]> >Reply-To: Mailing list for discussion of Firewall-1 ><[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: Re: [FW-1] Citrix through Edge VPN >Date: Fri, 24 Sep 2004 16:46:23 -0400 > >Actually, its coming from the "Accept VPN Traffic" rule, which allows >traffic from any to any via VPN communities based on encryption >services. This is an implied rule that was created when I made the VPN >community. > >Im on 4.5.45x firmware for the edge. >-----Original Message----- >From: Mailing list for discussion of Firewall-1 >[mailto:[EMAIL PROTECTED] On Behalf Of Ray >Sent: Friday, September 24, 2004 4:29 PM >To: [EMAIL PROTECTED] >Subject: Re: [FW-1] Citrix through Edge VPN > >Which firmware are you on? They're revising it a lot and the latest I've >seen is 4.5.49. That's the first place I would start. I've got a few >Edge >cases open with Check Point and they have been super-responsive in >working >with us. > > >The problem is that I do not set which > >one of these services I want the traffic to use, since it is through >the > >vpn it all comes in as rule 0. Anyone have any ideas? > >Huh? If it's coming in on Rule 0, the implied rules, it's coming from >outside the VPN. Go into SmartView Tracker, VPN-1, scroll way to the >right >and filter on Community for your Edge VPN community to see what's going >through the VPN. > >Ray > > >Reply-To: Mailing list for discussion of Firewall-1 > ><[EMAIL PROTECTED]> > >To: [EMAIL PROTECTED] > >Subject: [FW-1] Citrix through Edge VPN > >Date: Fri, 24 Sep 2004 12:55:26 -0400 > > > >I have read about a number of Citrix issues through FW-1, but I havent > >read anything about getting it to work through a vpn. I have a vpn > >between an R55 cluster and an Edge X device. I can do all normal >traffic > >through vpn without a problem (term serv, icmp, ftp) but citrix > >connections tend to drop every so often (about every 20 minutes). Is > >there something I need to do in the FW ruleset? I notice that there are > >2 services defined for tcp 1494. The problem is that I do not set which > >one of these services I want the traffic to use, since it is through >the > >vpn it all comes in as rule 0. Anyone have any ideas? > > > >stew > > > >================================================= > >To set vacation, Out-Of-Office, or away messages, > >send an email to [EMAIL PROTECTED] > >in the BODY of the email add: > >set fw-1-mailinglist nomail > >================================================= > >To unsubscribe from this mailing list, > >please see the instructions at > >http://www.checkpoint.com/services/mailing.html > >================================================= > >If you have any questions on how to change your > >subscription options, email > >[EMAIL PROTECTED] > >================================================= > >_________________________________________________________________ >Express yourself instantly with MSN Messenger! Download today - it's >FREE! >http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ > >================================================= >To set vacation, Out-Of-Office, or away messages, >send an email to [EMAIL PROTECTED] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your >subscription options, email >[EMAIL PROTECTED] >================================================= > >================================================= >To set vacation, Out-Of-Office, or away messages, >send an email to [EMAIL PROTECTED] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your >subscription options, email >[EMAIL PROTECTED] >================================================= _________________________________________________________________ Check out Election 2004 for up-to-date election news, plus voter tools and more! http://special.msn.com/msn/election2004.armx ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
