The problem was solved by defining from what interface to answer.

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Sagiv Filler
Sent: Monday, July 25, 2005 11:19 AM
To: [email protected]
Subject: Re: [FW-1] NGX SecureClient Problem

Because prior to downloading the topology you address a certain IP (the IP of the external interface of the firewall). After downloading the topology, the SecureClient has the topology of the internal network and ALL firewall interfaces (look at the $SRDIR/database/userc.c file). When trying to connect, the firewall will choose which interface to connect to based on the information in the topology.

BTW - did you try my suggestion yet?

Sagiv

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Ilia Shapira
Sent: Monday, July 25, 2005 9:10 AM
To: [email protected]
Subject: Re: [FW-1] NGX SecureClient Problem

The problem is that when a client creates a new site it successfully connects to our firewall and I see his connection in the log. So if the problem is topology, why when he creates a site everything is ok and when later he tries to connect he can't and I don't see him in logs?

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Sagiv Filler
Sent: Tuesday, July 19, 2005 9:57 AM
To: [email protected]
Subject: Re: [FW-1] NGX SecureClient Problem

This issue usually happened because of the topology download. According to its own IP the client calculates to which interface it should address. I guess if you run srfw monitor you will see which interface it tries to communicate with.

SecuRemote has 3 ways to calculate the best path:

A Gateway has more than one interface through which a VPN tunnel can be created, remote clients have to select a particular interface. The resolving of the appropriate interface can be done either statically, according to the Gateway topology settings, or dynamically, by sending RDP (UDP 259) packets to both interfaces and choosing the first to respond. If you configure the resolving to be done dynamically, specify the frequency of the resolving operation in the VPN Advanced page of the Gateway object.

My suggestion to solve this issue is to drop RDP as the first rule on the gateway if using SDL, or on the client as a rule if not using SDL. You will need to create an object with the IP address of the interface you DO NOT want to reply to the RDP request and add it to a rule.

For more detailed information regarding the mechanism, look at the help in Global properties=>Remote access=>Vpn advanced.

Let us know if it solves the problem,

Sagiv

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Ilia Shapira
Sent: Tuesday, July 19, 2005 9:13 AM
To: [email protected]
Subject: [FW-1] NGX SecureClient Problem

We are currently using NG and doing tests of NGX on a new machine. We see a very strange problem: when a user tries to remotely connect using the NGX version of SecureClient he can successfully create a new site on his SecureClient, but when he tries to connect he fails to connect to the firewall. What is very strange is that when he creates a new site I can see him in the firewall logs, but when he tries to connect I don't even see that he tries!

When the remote user uses R56 SecureClient everything is ok.

Does anyone else have the same problem? Is this a bug in the NGX version of SecureClient, or is there something new in NGX that I miss?
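
Added example, not part of the original thread and not Check Point code: a loopback simulation of the dynamic interface resolution described in the thread (probe every gateway interface from the topology, use the first that answers), showing how dropping the probe on one interface changes which interface the client selects. The probe payloads, interface names and delays are constructed; the real RDP packet format on UDP 259 is not modelled.

```python
import select
import socket
import threading
import time


def start_responder(delay, reply=True):
    """Constructed stand-in for one gateway interface on loopback.

    Answers a single probe after `delay` seconds, or silently drops it
    (reply=False), as a rule dropping RDP for that interface would.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("127.0.0.1", 0))  # ephemeral port, not the real UDP 259
    addr = sock.getsockname()

    def serve():
        _, peer = sock.recvfrom(64)
        if reply:
            time.sleep(delay)
            sock.sendto(b"probe-reply", peer)
        sock.close()

    threading.Thread(target=serve, daemon=True).start()
    return addr


def resolve_dynamic(interfaces, timeout=1.0):
    """Probe every interface in the topology; return the first to answer, or None."""
    probes = {}
    for name, addr in interfaces.items():
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        s.sendto(b"probe", addr)
        probes[s] = name
    ready, _, _ = select.select(list(probes), [], [], timeout)
    winner = probes[ready[0]] if ready else None
    for s in probes:
        s.close()
    return winner


if __name__ == "__main__":
    # Both interfaces answer: the faster one wins, wanted or not.
    both = {"external": start_responder(0.3), "internal": start_responder(0.02)}
    print(resolve_dynamic(both))
    # Probe dropped on the unwanted interface: only the external one can win.
    fixed = {"external": start_responder(0.3),
             "internal": start_responder(0, reply=False)}
    print(resolve_dynamic(fixed))
```

A result of None (every probe dropped or timed out) corresponds to the client having no interface to connect to, which on the gateway side looks like no connection attempt at all.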
=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [EMAIL PROTECTED]
=================================================
