Are you saying that you can never do a site update with hybrid mode or are
you saying that you can't use hybrid mode until you get a site update that
includes the CA info?

Keith White


                                                                                       
                                      
Dan.Hitchcock@homestreetbank.com on 06/16/00 04:06 PM

To:   [EMAIL PROTECTED]
cc:   [EMAIL PROTECTED], (bcc: Keith White/NA/Millipore)

Subject:  Re: [FW1] Internal CA for Hybrid mode






One possibility is that the SecuRemote client has not yet received the CA
information.  You cannot perform site updates using hybrid mode auth
(aaargh!), so you must make sure to update the site with a user that has a
preshared secret (I assume you're using IKE, or hybrid mode is
meaningless).  CA updates will NOT be pushed to the client in automatic
topology update - you must manually update the site on the SR client after
installing the CA.  To verify if the SecuRemote client has the necessary CA
info, look in the userc.c file on the SR client for a section that looks
something like:

:MgmtInternalCA (
     :public (
     yadda yadda

Hope that's a start...

Dan Hitchcock
Network Engineer
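
The check described in the message above, as an added example (not part of the original thread and not Check Point code): it walks the nested ":name ( ... )" layout shown in the fragment and reports whether a :MgmtInternalCA section containing :public exists, without being fooled by the name appearing inside a quoted value. Only :MgmtInternalCA and :public come from the message; the sample contents, the :site and :comment names, and the function names are constructed for illustration.

```python
import re
import sys

# Tokens: "(", ")", a quoted string, or a bare word such as ":public".
_TOKEN = re.compile(r'\(|\)|"[^"]*"|[^\s()]+')

def section_paths(text):
    """Return every nested section path, e.g. ('site', 'MgmtInternalCA', 'public')."""
    paths, stack, pending = set(), [], None
    for tok in _TOKEN.findall(text):
        if tok == "(":
            # "(" belongs to the ":name" just before it; unnamed groups
            # are pushed as "" so nesting depth stays balanced.
            stack.append(pending or "")
            if pending:
                paths.add(tuple(n for n in stack if n))
        elif tok == ")" and stack:
            stack.pop()
        # Only a ":name" immediately before "(" opens a named section.
        pending = tok[1:] if tok.startswith(":") and len(tok) > 1 else None
    return paths

def ca_status(text):
    """'present', 'incomplete' (section without :public) or 'missing'."""
    paths = section_paths(text)
    if any(p[-2:] == ("MgmtInternalCA", "public") for p in paths):
        return "present"
    if any("MgmtInternalCA" in p for p in paths):
        return "incomplete"
    return "missing"

# Constructed samples (not real client files).
SAMPLE_WITH_CA = """(
    :site (
        :MgmtInternalCA (
            :public (
                :modulus (00aa11)
            )
        )
    )
)"""
SAMPLE_INCOMPLETE = "(\n :site (\n  :MgmtInternalCA (\n  )\n )\n)"
SAMPLE_NO_CA = '(\n :site (\n  :comment ("no :MgmtInternalCA ( here")\n )\n)'

if __name__ == "__main__":
    # With a path argument, check that file; otherwise check the sample.
    data = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_WITH_CA
    print("internal CA info:", ca_status(data))
```

A result of "missing" or "incomplete" after installing the CA points to the manual site update described in the message not having been done yet.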





[EMAIL PROTECTED] on 06/16/2000 12:32:00 PM

To:   [EMAIL PROTECTED]
cc:    (bcc: Dan Hitchcock/CSB)

Subject:  [FW1] Internal CA for Hybrid mode





Hi all,

I have recently been installing FW1 version 4.1 SP1 in order to get the
hybrid mode going and authenticate off of the FW1 internal user database.
During the process, according to the documentation on CheckPoint's site, I
have had to create an Internal CA.  Well, all seems good from the Policy
manager perspective, where I see the internal CA under the manage servers
windows and the certificate which was created under the firewall object.
The test user was created according to the instructions and the firewall
object also modified.  The problem comes when Secure Client tries to
connect in and begins complaining that the firewall is not a CA. What could
be causing this and where should I look to fix this problem?

Thanks.

John



================================================================================

     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================






