Maybe you should first try setting the services to any, verify what you actually need in the rule for ports, and then lock it down. Juan Concepcion, Technical Support Engineer Crossbeam Systems (978)318-7551
________________________________ From: Mailing list for discussion of Firewall-1 on behalf of Sergio Alvarez Sent: Thu 9/7/2006 11:51 PM To: [email protected] Subject: Re: [FW-1] Secure Client Alvaro, Your wrote: "and i can connect but where i connecting it shows the message" So can you or not get the tunnel established? The deal here is troubleshooting an issue of problems establishing the VPN is different than a problem were the tunnel is up but no traffic goes through encrypted. About your rule: "Any - Firewall - FW1_pslogon_NG - Accept"... I don't really think you need it, what you need is a rule that has the group of SecureClient users as source, the network behind the firewall you want access for those users as the destination and a VPN Remote Access community for that rule. Check the VPN documentation pdf specific to your version. Regards On 9/7/06, Alvaro Gastambide <[EMAIL PROTECTED]> wrote: > > Hi Guru's, i configured SecureClient and i can connect but where i > connecting it shows the message Failed to update the policy, > The firewall drop the packet that i attach. > I have a rule: > Any - Firewall - FW1_pslogon_NG - Accept > > Any ideas ? > > > Number: 96705 > Date: 7Sep2006 > Time: 16:38:27 > Product: VPN-1 Pro/Express > Interface: eth2 > Origin: Firewall > Type: Log > Action: Drop > Protocol: tcp > Service: FW1_pslogon_NG (18231) > Source: PC (192.168.30.4) > Destination: Firewall_Sadvisor () > Source Port: 2211 > User: jcosta > Encryption Scheme: NA > Subproduct: VPN > VPN Feature: VPN > Information: encryption failure: Clear text packet > should be encrypted > > -- > Saludos, > > Alvaro Gastambide Lusiardo > Check Point Certified Security Administrator - MCSA > Dpto. de IngenierĂa > Security Advisor > www.sadvisor.com > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > -- Sergio Alvarez (506)8301342 ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
