John,

There are two ways to fix this. One is to make sure that every network that they could be coming from internally is in your encryption domain. SecuRemote/SecureClient by default will not drop traffic for inside encryption domain objects while disconnected, if it realizes that it's inside the encryption domain.

or

The easy way: you need to change the global property for Remote Access, VPN-Advanced for SecuRemote/SecureClient behavior while disconnected to "When disconnected, traffic to the encryption domain will be: Sent in clear". Prior to NGX the default was Dropped.

Compuquip TECHNOLOGIES
"Providing Solutions Since 1980"
David Barker
Senior Security Engineer
Internet Security Division
Phone: 305.436.7272 X 1364
Fax: 305.436.9149

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of John Lindblom
Sent: Friday, October 07, 2005 9:11 AM
To: [email protected]
Subject: [FW-1] SecuRemote on Internal Network

I have a couple of Citrix Metaframe servers set up in an encryption domain for SecuRemote clients to access. This works great, but if they try to access those servers from inside the network and have the SecuRemote client running, it fails to connect. I would like to avoid having them unload the client to connect. The rule is set up with a source of "Any"; should this be set up to the external interface or something, or is this not possible?

John

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [EMAIL PROTECTED]
=================================================

The contents of this email and any attachments are confidential. They are intended for the named recipient(s) only. If you have received this email in error please notify the system manager or the sender immediately and do not disclose the contents to anyone or make copies.
** This email was scanned for viruses, vandals and malicious content. **
