Well, live and learn. Thanks for the clarification. Do you mean the "accept all encrypted traffic" check box? I've never used that for some reason, but I ferget why.
Ray
From: Stewart Williams <[EMAIL PROTECTED]> Reply-To: Mailing list for discussion of Firewall-1 <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: [FW-1] Citrix through Edge VPN Date: Fri, 24 Sep 2004 16:46:23 -0400
Actually, its coming from the "Accept VPN Traffic" rule, which allows traffic from any to any via VPN communities based on encryption services. This is an implied rule that was created when I made the VPN community.
Im on 4.5.45x firmware for the edge. -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Ray Sent: Friday, September 24, 2004 4:29 PM To: [EMAIL PROTECTED] Subject: Re: [FW-1] Citrix through Edge VPN
Which firmware are you on? They're revising it a lot and the latest I've seen is 4.5.49. That's the first place I would start. I've got a few Edge cases open with Check Point and they have been super-responsive in working with us.
>The problem is that I do not set which >one of these services I want the traffic to use, since it is through the >vpn it all comes in as rule 0. Anyone have any ideas?
Huh? If it's coming in on Rule 0, the implied rules, it's coming from outside the VPN. Go into SmartView Tracker, VPN-1, scroll way to the right and filter on Community for your Edge VPN community to see what's going through the VPN.
Ray
>Reply-To: Mailing list for discussion of Firewall-1 ><[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: [FW-1] Citrix through Edge VPN >Date: Fri, 24 Sep 2004 12:55:26 -0400 > >I have read about a number of Citrix issues through FW-1, but I havent >read anything about getting it to work through a vpn. I have a vpn >between an R55 cluster and an Edge X device. I can do all normal traffic >through vpn without a problem (term serv, icmp, ftp) but citrix >connections tend to drop every so often (about every 20 minutes). Is >there something I need to do in the FW ruleset? I notice that there are >2 services defined for tcp 1494. The problem is that I do not set which >one of these services I want the traffic to use, since it is through the >vpn it all comes in as rule 0. Anyone have any ideas? > >stew > >================================================= >To set vacation, Out-Of-Office, or away messages, >send an email to [EMAIL PROTECTED] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your >subscription options, email >[EMAIL PROTECTED] >=================================================
_________________________________________________________________ Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
_________________________________________________________________ Check out Election 2004 for up-to-date election news, plus voter tools and more! http://special.msn.com/msn/election2004.armx
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
