-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: 15 October 2002 13:09
To: [EMAIL PROTECTED]
Subject: [FW-1] SecuRemote and cluster
Thanks for your response
I am connecting to the cluster address, yes. However, I'm not allowing all those services to that address. I don't need ps_logon, FW1_svc_keepalive, all ica_services because I have no policy server, and don't use certificates...
-tomas-
I am assuming that you are trying to connect to your external interface/cluster address from the outside world???
If so, then you need to make sure you have a rule like the following above your stealth rule...
All_Internal_Networks (negated) -TO- external_address -SERVICE- FW1_pslogon;FW1_pslogon_NG;FW1_topo;IKE;FW1_scv_keep_alive;FW1_ica_services;FW1_ica_pull;FW1_ica_push -ACTION- Accept -TRACK- Log
Try that...
Regards
Joe Mayhew
Network Systems Administrator
British American Racing GP Ltd.
Operations Centre, Brackley
Northants, NN13 7BD
Tel: +44 (0) 1280 844247 Fax: +44 (0) 1280 843980
Mobile: +44 (0) 7974 260948
-----------------------------------------------------------------------------------------
Seen it all, done it all, can't remember most of it
-----------------------------------------------------------------------------------------
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 15 October 2002 11:38
To: [EMAIL PROTECTED]
Subject: [FW-1] SecuRemote and cluster
Hi all listmembers
I'm having trouble getting SR to work towards a network behind two clustered FW-1's on Nokia. I recently upgraded the management station to NG, but the same thing still happens.
In the logs, it seems like SR is trying to send IKE packets to the internal leg on the firewall. For some reason, the firewall won't answer (used tcpdump on the Nokia box) on the IKE packets from the SR client. And I can't see any errors in the logs. SR answers with "communication with site xxx has failed". Updating topology goes fine.
Are there any special considerations for getting SR to work towards clusters? The same configuration works against non-clustered environments..
Any suggestions?
-tomas-
Title: RE: [FW-1] SecuRemote and cluster
sorry my last email was slightly inaccurate,
have rule to connect to the management server for topology and have rule for access to both physical addresses of the firewall ie. both firewall objects, for IKE and FW1_pslogon if req.
cheers
Leon.
