I'm trying to get Exceed 2006, an X-Windows client to some Unix boxes,
working over SecureClient. As long as I'm not VPNed in and I'm on the LAN,
it works fine so I know I have the desktop security policy right.
When I fire up Exceed, it is set to do an XDMCP broadcast to 192.168.2.255
rather than its default broadcast address of 255.255.255.255. I couldn't get
the default to work on just the LAN for whatever reason. The Unix boxes are
in another state.
Watching the SecureClient log viewer, I see the broadcast go out with an
Encrypt action but nothing comes back from the server on 192.168.2.1. When I
watch the log viewer on the LAN, I can see the Unix box come back
immediately with its X-11 traffic and I get the correct login screens.
The 192.168.2.0/24 network is part of the encryption domain and I can ping
the Unix box or telnet to it when VPNed in. I had explicit rules to allow
X-11 traffic before any "any service" rules and that didn't help. I even
made the dbedit change so FW-1 won't reject X-11 traffic. I even put a
laptop with a static IP on the FW-1 internal interface network just to
assure myself that all of the routing is correct.
Frankly, I'm totally stumped. It feels like FW-1 is not allowing the
192.168.2.255 broadcast out even though it's showing Encrypt.
Any guesses would be greatly appreciated.
Thanks,
Ray
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
