[EMAIL PROTECTED] wrote:
If I understand it correctly, change the following parameter in userc.C:
:allow_clear_in_enc_domain (false) to
:allow_clear_in_enc_domain (true)
This will not work because this option will only work when the SC is
working in transparent mode - we are using SC with connect mode.
If the user is using Office Mode then all traffic is
routed to the firewall and encrypted. This is due to the fact that
the office mode IP pool is not part of the encryption domain. The
routing table in the PC running SecureClient is modified by
SecureClient to add all networks within the encryption domain to
route to the Firewall. This may be good but it is not what I want,
I do not need to encrypt and route to the Firewall if I have
SC connected and am trying to access my internal resources.
If the User is not using Office Mode and is within the
encryption domain then packets sent to the Secure Networks will be
unencrypted and the Firewall log shows "Received
a cleartext packet within an encrypted connection"?! This is because
I believe cp will not encrypt a packet if the client is within the
encryption domain.
What should I do now? ... All I want is that when the SC is inside
my network the SC should connect to the policy server (because all
should be dropped when the SC is disconnected) and recognize that there
is no need for encryption when accessing my internal network resources.
Should I add the IP pool network to the encryption domain? Since AI it's
possible... but will this solve my problem? I am not sure...
I don't want to change the Remote Access parameter "When disconnected,
traffic to the encryption domain will be dropped" in global properties.
thx
andre

I don't understand the problem. Is it that you can't even get an IP address
via DHCP when in the encryption domain and disconnected? If so, add a rule
allowing it for the group [EMAIL PROTECTED]

I've got a question concerning when SC is inside the encryption domain. SC
is working in "Connect Mode" and we have enabled the option that when the
SC is disconnected all the traffic will be dropped. When SC is outside the
enc domain the SC will get an IP address from the configured IP pool and
the user can access hosts inside the enc domain.
Is there any way without receiving an IP address from the IP pool when the
SC is inside the enc domain? (only logon to policy server, the FW
recognizes that the SC is part of the encryption domain and traffic will be
unencrypted between machines in the enc domain)