Hello:) It doesn't mean that remote users are unable to connect anything in their internal network. If you want such settings you need to use Desktop Policy/Endpoint Connect with Secure access. Alexey
-----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of John Lindblom Sent: 07 July, 2009 5:14 PM To: [email protected] Subject: Re: [FW-1] Access to Internal Servers Through VPN Client Thanks Gary. I would think it would be a good thing that they couldn't connect to anything on the local LAN they would be on...more secure. Remote users would generally be on unsecured networks anyway at hotels, airports or home office. Gary Scott <[email protected]> Sent by: Mailing list for discussion of Firewall-1 <[email protected]> 07/07/2009 09:05 AM Please respond to Mailing list for discussion of Firewall-1 <[email protected]> To [email protected] cc Subject Re: [FW-1] Access to Internal Servers Through VPN Client Yes this is typical. Office mode will allow the client to connect even if they are on the same subnet as your internal enc domain, catch here is that while they are connected they will not be able to access anything on their local lan. -GS ________________________________ From: John Lindblom <[email protected]> To: [email protected] Sent: Tuesday, July 7, 2009 9:02:09 AM Subject: [FW-1] Access to Internal Servers Through VPN Client I have a couple of Citrix servers setup for remote access using the SecurClient VPN. The Citrix client is configured with the private IP addresses (172.16.x.x) of these servers and it everything is working just fine but I just need to make sure this configuration is best practice. At one time I had them setup to hide behind public IP addresses and then configured the Citrix client to point to the public IP addresses. After doing some testing I realized the Citrix client could connect using the private IP address assigned to the servers and didn't need to use the public IP addresses. I have a group setup that I add servers to that need to be accessed through the VPN client and have the rule setup to use that group. Is this the typical way of setting up access to internal servers through the SecureClient VPN? What concerns me is what would happen if the client is on a network that is using the same private IP address range. Thanks, John ------------------------ The information contained in this email and any attachments may contain confidential, proprietary, business sensitive, privileged or controlled information. If you are not the intended recipient, any disclosure, dissemination, distribution, duplication or other unauthorized use of the information contained in this email or any attachment is strictly prohibited. Unauthorized interception of this e-mail is a violation of law. If you are not the intended recipient, please notify the sender by reply email and immediately and permanently delete this mail and any attachments and any copies of them. Technical data and/or information provided in this email or any attachment may be subject to U.S. export control laws. Export, re-export, diversion or disclosure contrary to U.S. law is prohibited. It is your responsibility to check this email and any attachments for viruses or other harmful code before opening or forwarding. ------------------------ ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ------------------------ The information contained in this email and any attachments may contain confidential, proprietary, business sensitive, privileged or controlled information. If you are not the intended recipient, any disclosure, dissemination, distribution, duplication or other unauthorized use of the information contained in this email or any attachment is strictly prohibited. Unauthorized interception of this e-mail is a violation of law. If you are not the intended recipient, please notify the sender by reply email and immediately and permanently delete this mail and any attachments and any copies of them. Technical data and/or information provided in this email or any attachment may be subject to U.S. export control laws. Export, re-export, diversion or disclosure contrary to U.S. law is prohibited. It is your responsibility to check this email and any attachments for viruses or other harmful code before opening or forwarding. ------------------------ Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= Scanned by Check Point Total Security Gateway. Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
