I have clients that require all business data traversing the public internet between our sites, whether pre-encrypted or not, to be 3DES Checkpoint encrypted.
Chris -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED]] On Behalf Of Pulver, Richard Sent: Tuesday, October 08, 2002 12:15 PM To: [EMAIL PROTECTED] Subject: Re: [FW-1] Citrix drops connection when we install rulebase I use the encryption native to Citrix in MetaFrame 1.8 FP1 and above. Citrix has 40, 56, and 128bit encryption available. -----Original Message----- From: Chris Covington [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 08, 2002 9:53 AM To: [EMAIL PROTECTED] Subject: Re: [FW-1] Citrix drops connection when we install rulebase So what if I want to fix the problem but I encrypt Citrix traffic? I have a custom defined service and whenever I push policies everyone drops... If I were to turn Fast Mode on, my NAT/Encryption would no longer function. Chris -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED]] On Behalf Of Torkel Mathisen Sent: Tuesday, October 08, 2002 2:48 AM To: [EMAIL PROTECTED] Subject: Re: [FW-1] Citrix drops connection when we install rulebase No. No VPN or NAT or anything. Regards, Torkel > -----Original Message----- > From: Chris Covington [mailto:[EMAIL PROTECTED]] > Sent: 7. oktober 2002 19:05 > To: [EMAIL PROTECTED] > Subject: Re: [FW-1] Citrix drops connection when we install rulebase > > > Rich, > > I assume you use no VPN encrypted Citrix? I would like to prevent > this problem is well, but won't turning on Fast Mode with citrix_tcp > prevent NAT and/or Encryption from working? > > Chris > > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:[EMAIL PROTECTED]] On Behalf Of > Pulver, Richard > Sent: Monday, October 07, 2002 10:26 AM > To: [EMAIL PROTECTED] > Subject: Re: [FW-1] Citrix drops connection when we install rulebase > > > Torkel, > > What version of Citrix are you using? How are you launching > the applications through Citrix - are you using .ica files or Program > Neighborhood? I had the same problem for a while using .ica files with > the web client. I had to create two new services for ICA traffic which > I > called: > > citrix_tcp (TCP Service) > Port: 1494 > Source Port Range: 1024-65356 > Protocol Type: URI > Fast Mode: Checked > > citrix_udp (UDP Service) > Port: 1604 > Source Port Range: 1024-65356 > > This solved some of the other problems I was having as well as > stabilizing Citrix connections during policy pushes. Not sure if you > have this already setup or not, but it may help. > > Rich > > > -----Original Message----- > From: Torkel Mathisen [mailto:[EMAIL PROTECTED]] > Sent: Monday, October 07, 2002 9:59 AM > To: [EMAIL PROTECTED] > Subject: Re: [FW-1] Citrix drops connection when we install rulebase > > > Hi > > I've read this paper, but I didn't think the users would actually > loose the connection. I know that FW-1 clears the connectiontable and > all that, but it also build it up again when the session continues. > > >From the paper: > > "When you push a new rulebase the state table is cleared. However, you > will not lose any of your established connections while pushing a new > rulebase." > > A bit futher down: > > "... Firewall-1 maintains state of what connection were active prior > to the new rule push. This old state table is maintained as > old_connections." > > We don't have this problems with other protocols. Its just Citrix. > They actually loose the connection. When we use Windows terminal > client we don't get disconnected. I would guess the firewall builds > the connections up again and that this is transparent for the users. > > With Citrix this doesn't happen. Its very frustrating for our users > when they are working with something and suddenly have to reconnect. > And possibly even get connected to a different server than before and > loose their work. > > The sollution you refer to is clicking on "Fast Mode" for ICA (tcp > 1494)? What about icabrowser (udp 1494)? > > Regards, > Torkel > > > > > -----Original Message----- > > From: Lars Troen [mailto:[EMAIL PROTECTED]] > > Sent: 7. oktober 2002 15:20 > > To: [EMAIL PROTECTED] > > Subject: Re: [FW-1] Citrix drops connection when we install rulebase > > > > > > Torkel, > > http://www.enteract.com/~lspitz/fwtable.html > > > > This is a nice paper describing what's going on. The state table is > > flushed when you install a policy, but if you read further > you can see > > > there's still hope. :) > > > > Lars > > > > > > > > > -----Original Message----- > > > From: Torkel Mathisen [mailto:[EMAIL PROTECTED]] > > > Sent: Monday, October 07, 2002 14:18 > > > To: [EMAIL PROTECTED] > > > Subject: [FW-1] Citrix drops connection when we install rulebase > > > > > > > > > We have a problem here with Citrix being dropped when we > install the > > > > rulebase. > > > > > > The users have Citrix clients up at all time, but whenever we > > > install the rulebase on the firewall the connection is dropped and > > > they have to connect again. > > > > > > Anyone have any experience with this? > > > > > > We haven't done anything special in the firewall. Only a rule that > > > accept Citrix (1604 and 1494). > > > > > > Regards, > > > Torkel > > > > > > ================================================= > > > To set vacation, Out Of Office, or away messages, > > > send an email to [EMAIL PROTECTED] > > > in the BODY of the email add: > > > set fw-1-mailinglist nomail > > > ================================================= > > > To unsubscribe from this mailing list, > > > please see the instructions at > > > http://www.checkpoint.com/services/mailing.html > > > ================================================= > > > If you have any questions on how to change your subscription > > > options, email [EMAIL PROTECTED] > > > ================================================= > > > > > > > ================================================= > > To set vacation, Out Of Office, or away messages, > > send an email to [EMAIL PROTECTED] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your subscription > > options, email [EMAIL PROTECTED] > > ================================================= > > > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
