OK, here are a couple of things to check.
If you are using SecuRemote R54 or SecuRemote R55 prior to desktop HFA02 or
SecuRemote R56 prior to desktop HFA01 AND you assigned a nickname to the
site instead of just using the IP address, you will need to upgrade
SecuRemote to either R55 HFA02 or HFA03, R56 HFA02 or R60. Please note that
these are the HFA levels of SecuRemote itself. "About SecuRemote" will show
you the HFA level, if any.
There is a bug in the code of the previous versions where the certificate
renewal traffic got sent to the nickname as in
http://Nick Name:18264
instead of to the enforcement module on
http://<site Ip address>:18264
Secondly, there is a bug in the R55 SmartCenter code prior to HFA15, so it
may be in R54 as well. Briefly, there was an error in parsing the
renewal traffic and it would cause the error you are seeing. Sometimes this
shows up as being able to renew the certificate when connected to the LAN
where the SmartCenter is, but you will get the error if trying to renew
across the Internet. The HFA only needed to be applied to the SmartCenter to
fix this problem. It did not make it into the Release Notes for some reason.
The R60 (NGX) version of SecuRemote simply sees that a certificate is about
to expire and automatically and silently renews it. The end user never even
knows it's happening unless they happen to be watching the connection
details at the instant it happens. This probably negates the need to extend
the life beyond two years.
HTH,
Ray
From: [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
<[email protected]>
To: [email protected]
Subject: [FW-1] Securemote Certificate Expiry
Date: Thu, 29 Sep 2005 09:27:43 +0530
Experts,
The default expiry time of the SecuRemote R54 authentication certificate is set
by Check Point to 2 years. How to change this default expiry time?
Also, when we try to "renew" the certificate through SecuRemote, we get this
error:
"Unable to contact ICA". Please note that there is no problem with
certificate authentication.
Regards,
U.SivaKumar.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================