"you don't need to add any rules on the gw to permit 443 traffic towards it.
it's being done automatically by the implied rules when you enable visitor
mode."
I didn't follow the entire thread because it was so long, so I missed the
versions in use. With R55 you had to create an explicit access rule. I was
told that enabling Visitor Mode on R60 created an implied rule. I have R61
and there is no implied rule. I had to create one. Your mileage may vary.
:-)
Visitor Mode works really well. It's one of the biggest advantages of using
SecureClient instead of SecuRemote. It fixed connectivity issues at hotels,
behind crummy home routers, etc. Our execs would be sitting side by side
with a business partner using Cisco and the business partner could not get
connected and would be on the cell phone to their help desk but Visitor Mode
always worked.
You might want to drop your topology update interval from the default to 1
hour. That will assure changes like these get pushed to the clients at their
next logon. The userc.C file is only 1K or so, so there is no bandwidth
issue.
Ray
From: sin <[EMAIL PROTECTED]>
Reply-To: Mailing list for discussion of Firewall-1
<[email protected]>
To: [email protected]
Subject: Re: [FW-1] Visitor mode -help
Date: Sat, 11 Aug 2007 14:55:13 +0300
john maverick wrote:
Thanks for all your inputs ...ii was just that the official checkpoint doc
quote" seemed to emphasize on "ALL" VPN1 doc chapter 27...would also like
to
understand if
1)enabling visitor mode on gateway
2)Creating a connection profile for visitor mode on gateway
3)Addding https rules to gateway
you don't need to add any rules on the gw to permit 443 traffic towards it.
it's being done automatically by the implied rules when you enable visitor
mode.
4)ensuring port chosen is unoccupied at gateway
Are these the only prequisites on the gateway (licensed secuerclient)..any
other gotchcas appreciated
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
_________________________________________________________________
See what youre getting into
before you go there
http://newlivehotmail.com/?ocid=TXT_TAGHM_migration_HM_viral_preview_0507
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
