Ray wrote:
"you don't need to add any rules on the gw to permit 443 traffic towards
it. it's being done automatically by the implied rules when you enable
visitor mode."
I didn't follow the entire thread because it was so long, so I missed
the versions in use. With R55 you had to create an explicit access rule.
I was told that enabling Visitor Mode on R60 created an implied rule. I
have R61 and there is no implied rule. I had to create one. Your mileage
may vary. :-)
tried that on R60 HFA_02 or HFA_04 (do not remember which one was) and
on R65 and I did not have to add any rule to allow 443 on my enforcement
module.
Visitor Mode works really well. It's one of the biggest advantages of
using SecureClient instead of SecuRemote. It fixed connectivity issues
at hotels, behind crummy home routers, etc. Our execs would be sitting
side by side with a business partner using Cisco and the business
partner could not get connected and would be on the cell phone to their
help desk but Visitor Mode always worked.
:))
You might want to drop your topology update interval from the default to
1 hour. That will assure changes like these get pushed to the clients at
their next logon. The userc.C file is only 1K or so, so there is no
bandwidth issue.
even less would work as the added overhead for this is so little that it
doesn't count.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
