Local Edge internet browsing requires a separate rule from your VPN
tunnel rule.  Try creating a separate policy to allow http/https traffic
from Edge Network to destination ANY with Install On "Edge Profile" and
push out the policy. 

Danny Mo

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of
Caballero Carlos
Sent: Monday, June 05, 2006 7:43 AM
To: [email protected]
Subject: [FW-1] Define exceptions when encrypting in VPN Tunnel

Hello guys,

 

I'm having a little trouble here when turning on the VPN tunnels in my
network. I have several VPN-1 Edge boxes and I'm turning on the VPN
tunnel between them and my FW-1 modules. I'm downloading the topology of
the network on the boxes, and up to that point I have no problems. The
trouble is that when the users behind the boxes try to navigate the
internet, the traffic is blocked; the event logs say that the traffic
should be encrypted. I had specified an exception for the HTTP and HTTPS
services on the VPN domain where those gateways and boxes are defined,
but when I do that they can navigate the internet but I block the
navigation from the users behind the boxes to my intranet in the central
office, and the event log says that this traffic shouldn't be decrypted,
so I think that the boxes are still encrypting the traffic over HTTP and
HTTPS.

 

Could someone help me with this? I really don't know what to do.

 

Carlos Caballero

Communications Engineer

Banco Mercantil S.A.

La Paz - Bolivia

Tel.: (591) 2 2409040 Ext.: 4441

 

 


=================================================
To set vacation, Out-Of-Office, or away messages, send an email to
[EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options,
email [EMAIL PROTECTED]
=================================================
