If I understand it correctly, change the following parameter in userc.C:
:allow_clear_in_enc_domain (false) to
:allow_clear_in_enc_domain (true)
Regards,
Matt Goddard
CCSA, MCSE, CCNA
Security Information Team
Schneider National, Inc.
ph: 920.592.4787
"Anyone who has never made a mistake has never tried anything new." -Albert
Einstein
|---------+-------------------------------------------->
| | Ray <[EMAIL PROTECTED]> |
| | Sent by: Mailing list for |
| | discussion of Firewall-1 |
| | <[EMAIL PROTECTED]|
| | KPOINT.COM> |
| | |
| | |
| | 03/16/2005 06:22 PM |
| | Please respond to Mailing list |
| | for discussion of Firewall-1 |
|---------+-------------------------------------------->
>----------------------------------------------------------------------------------------------|
|
|
| To: [email protected]
|
| cc:
|
| Subject: Re: [FW-1] SecureClient inside the encryption domain
|
>----------------------------------------------------------------------------------------------|
I don't understand the problem. Is it that you can't even get an IP address
via DHCP when in the encryption domain and disconnected? if so, add a rule
allowing it for the group [EMAIL PROTECTED]
Ray
>From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
>Reply-To: Mailing list for discussion of Firewall-1
><[email protected]>
>To: [email protected]
>Subject: [FW-1] SecureClient inside the encryption domain
>Date: Wed, 16 Mar 2005 18:27:31 +0100
>
>hi list,
>ive got a question concerning when SC is inside the encryption domain. SC
>is working in "Connect Mode" and we have enabled the option that when the
>SC is disconnect all the traffic will be dropped. When SC is outside the
>enc domain the SC will get an IP address from the configured IP pool and
>the user can access hosts inside the enc domain.
>
>Is there any way without receiving an IP address from the IP pool when the
>SC is inside the enc domain? (only logon to policy server, the FW
>recognize that the SC is part of the encryption domain and traffic will be
>unencrypted between machines in the enc domain)
>
>thx
>doehni
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to [EMAIL PROTECTED]
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>[EMAIL PROTECTED]
>=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
