Po, Are you using the same system(client) to test with? I'll assume(ack) that you've already verified the browser allows active-x. Tell me about your DMZ. How do you do addressing there? Did you split your legal addresses or are you NATting also. My guess would be that your splitting your legal addresses. If not, are the NAT rules the similar(e.g. port# the same)? I've seen a similar issue in the past with some small chain(the owners name was Sam, I think :), where the client picked up the local IP address and if you were NATting, it failed(header was changed, but the client also had the IP in the data and they didn't match). Robert - - Robert P. MacDonald, Network Engineer e-Business Infrastructure G o r d o n F o o d S e r v i c e Voice: +1.616.261.7987 email: [EMAIL PROTECTED] >>> Po Petz <[EMAIL PROTECTED]> 8/21/00 7:15:25 PM >>> >Hi, > >A web client behind the CPFW-1 v4.1 firewall is having trouble accessing >an Active-X object that's used as a login tool for a website. > >I can access the site from the DMZ, but not behind the firewall. >https://b2bdev.andersenwindows.com/registration/regsupp.htm > >When trying to access the site from behind the firewall, it appears to >download the object but is either unable to run it or it's an incomplete >download. The log (set to "long") reports nothing but usual http access >from the client workstation. > >Just in case there was a specific rule tripping me up, I created an >object for the client workstation and created a rule from that >workstation to Any destination and Any Service to be accepted and logged >(Long). That failed to solve the problem; the log reports nothing else >besides a http request. > >I tried changing from hide-nat to static-nat. Nothing. >I tried publishing a new IP and static-natting the workstation object to >that. Nada. >I cleared the browser cache each time. Didn't seem to change anything. > >Is this essentially a problem with the Active-X object being unable to >work through the firewall or is there some other configuration that I'm >overlooking with Checkpoint FW-1? > >Checkpoint FW-1 v4.1 is running on a Sun Ultra under Solaris 7. >Clients: Windows 95 and 98 with IE 5.0 > >Any insights will be much appreciated. > >Thanks, >-po >-- >Po Petz - SysAdmin >NetXposure >(503) 499-4342 >http://www.netx.net ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
