John, What version of Secure Client are you using? Do you have a desktop policy that could be blocking this? This property shouldn't be affected by your encryption domain, only that you have the box checked or not. David S. Barker Senior Security Engineer Compuquip Technologies Phone: 305.436.7272 X 1364 Fax: 305.436.9149 mailto://[EMAIL PROTECTED] 8399 NW 30th Terr, Miami, Fl 33122
Compuquip TECHNOLOGIES "Providing Solutions Since 1980" ________________________________ From: Mailing list for discussion of Firewall-1 on behalf of John Lindblom Sent: Wed 10/12/2005 10:06 AM To: [email protected] Subject: Re: [FW-1] SecuRemote on Internal Network The property is set to false and a Site Update doesn't change it, It still doesn't work if we manually change it. Do we need the internal network in the ENC_DOMAIN for this to work or is this setting suppose to work without? "David S. Barker" <[EMAIL PROTECTED] P.COM> To Sent by: Mailing [EMAIL PROTECTED] list for INT.COM discussion of cc Firewall-1 <FW-1-MAILINGLIST Subject @AMADEUS.US.CHECK Re: [FW-1] SecuRemote on Internal POINT.COM> Network 10/10/2005 08:48 PM Please respond to Mailing list for discussion of Firewall-1 <FW-1-MAILINGLIST @AMADEUS.US.CHECK POINT.COM> John, Verify that your userc.C in the c:\program files\Securemote\database directory has the following property set :allow_clear_in_enc_domain (true) If it does not, verify that if the client performs an update site that the property updates. David S. Barker Senior Security Engineer Compuquip Technologies Phone: 305.436.7272 X 1364 Fax: 305.436.9149 mailto://[EMAIL PROTECTED] 8399 NW 30th Terr, Miami, Fl 33122 Compuquip TECHNOLOGIES "Providing Solutions Since 1980" -----Original Message----- From: Mailing list for discussion of Firewall-1 on behalf of John Lindblom Sent: Mon 10/10/2005 9:01 AM To: [email protected] Subject: Re: [FW-1] SecuRemote on Internal Network It's all ready set to "Sent in Clear". Do I still need the internal network in the encryption domain with this setting? This is a Traditional VPN Configuration not the NG Simplified Configuration, would that make the difference. If this is the problem, are there any DOCS available for a migration to the Simplified mode. John Mailing list for discussion of Firewall-1 <[email protected]> wrote on 10/09/2005 10:10:21 PM: > John, > > There are two ways to fix this, one is to make sure that every network > that they could be coming from internally is in your encryption domain. > SecuRemote/SecureClient by default will not drop traffic for inside > encryption domain objects while disconnected, if it realizes that it's > inside the encryption domain. > or > The Easy way > You need to change the global property for Remote Access, VPN-Advanced > for SecuRemote/SecureClient behavior while disconnected to When > disconnected, traffic to the encyrption domain will be Sent in clear. > Prior to NGX the default was Dropped. > > > Compuquip TECHNOLOGIES > "Providing Solutions Since 1980" > > David Barker > Senior Security Engineer > Internet Security Division > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
