I had the same issue a couple of moths back and found CP had a solution sk21432, " Exceed Hummingbird does not work through SecuRemote" and had to add a rule to allow back connections from server to client for tcp high ports from server to client and it of course worked.
hth, Rajeev On 9/9/05, Ray <[EMAIL PROTECTED]> wrote: > > I'm trying to get Exceed 2006, an X-Windows client to some Unix boxes, > working over SecureClient. As long as I'm not VPNed in and I'm on the LAN, > it works fine so I know I have the desktop security policy right. > > When I fire up Exceed, it is set to do an XDMCP broadcast to > 192.168.2.255<http://192.168.2.255> > rather than its default broadcast address of > 255.255.255.255<http://255.255.255.255>. > I couldn't get > the default to work on just the LAN for whatever reason. The Unix boxes > are > in another state. > > Watching the SecureClient log viewer, I see the broadcast go out with an > Encrypt action but nothing comes back from the server on > 192.168.2.1<http://192.168.2.1>. > When I > watch the log viewer on the LAN, I can see the Unix box come back > immediately with its X-11 traffic and I get the correct login screens. > > The 192.168.2.0/24 <http://192.168.2.0/24> network is part of the > encryption domain and I can ping > the Unix box or telnet to it when VPNed in. I had explicit rules to allow > X-11 traffic before any "any service" rules and that didn't help. I even > made the dbedit change so FW-1 won't reject X-11 traffic. I even put a > laptop with a static IP on the FW-1 internal interface network just to > assure myself that all of the routing is correct. > > Frankly, I'm totally stumped. It feels like FW-1 is not allowing the > 192.168.2.255 <http://192.168.2.255> broadcast out even though it's > showing Encrypt. > > Any guesses would be greatly appreciated. > > Thanks, > > Ray > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > -- Rajeev Gupta CISSP, CCMSE+VSX ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
