-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ray wrote: >> - (depending on the usage) no additional software to install > > There's always extra software to install unless you're just doing HTTPS > connections. Whether it's installed by you or by download (and you have to > give the end user elevated rights, which causes a whole different set of > problems), you still have to maintain it when it misbehaves. > >> - less connection problems (NAT-T, firewalls blocking access) > > It still depends on the other end, but generally you're right here. > SecureClient with Visitor Mode is the best of both worlds. IPSec over SSL. :-)
Check Point acknowledges that Visitor mode is a CPU hog due to added SSL encryption. So I guess that CPU wise IPSEC in itself is more CPU friendly compared to SSL. Which accounts for the original problem report I guess. We use 2 profiles per gateway and recommend NAT traversal as default. If it will not work on that location one can use visitor mode. By design visitor mode also does not support back connections. (Many of them work but not all and Check Point has not accepted a feature request to make that work reliably.) So I advise to use visitor mode only as a last resort. Hugo. - -- [EMAIL PROTECTED] http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHICrbBvzDRVjxmYERAtXYAJ4z6sPs/j1K01YwWGL7/OwzmuQwTwCfScbA G8GQ/FDfuq+2AnglW0fVi+A= =tyBK -----END PGP SIGNATURE----- ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
