Hey, great news! Thanks for the feedback,
Ray
From: "Meyers, Duncan" <[EMAIL PROTECTED]>
Reply-To: Mailing list for discussion of Firewall-1
<[email protected]>
To: [email protected]
Subject: Re: [FW-1] SecureClient
Date: Wed, 28 Sep 2005 16:32:04 +1000
Spot on! I had the rules for VPN_Users but not All_Users.
D'oh!
Many thanks, Ray.
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Ray
Sent: Wednesday, 28 September 2005 8:26 AM
To: [email protected]
Subject: Re: [FW-1] SecureClient
This contradicts your next post that you can browse the Internet or the
corporate LAN but not both. Assuming this means the SheidlsUp! test was
done while NOT VPNed in, you need to look at your default desktop
security policy.
There are actually two sets of policies, the one you created for your
VPN_Users group (or whatever it was named) and the default policy.
The VPN_Users group desktop security rules are in effect when you are
VPNed in.
The [EMAIL PROTECTED] group desktop security rules are in effect when you are
NOT VPNed in. It is known as the "default policy."
It's kind of confusing because you mix both sets of rules in the one
Desktop Security policy, but you get used to it rather quickly.
If my assumption above is correct, you need to look at your [EMAIL PROTECTED]
rules to see if they are appropriate or even exist.
HTH,
Ray
>I then use a dial-up
>service and run SecureClient from the workstation. It appears to log on
>to the policy server and update the policy - so far, so good. If I then
>run Shields Up! from www.grc.com to test the firewall, it shows a
>couple of open ports, heaps of closed ports and a small handful of
>stealth ports - which is not the behaviour I was expecting! Presumably
>the desktop policy will show up as heaps of stealth ports under the
>Shields Up! test? Can anyone give me a pointer as to where I'm going
wrong?
=================================================
To set vacation, Out-Of-Office, or away messages, send an email to
[EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options,
email [EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
