Hi,

I'm having trouble getting my head around an interesting problem on FW1 with
client-based VPNs and DHCP on DSL and wondered if anyone had hit similar
issues.

Platform
        CP2000, SP2 running on NT,
        SecureClient on client machines build 4157 -- not SecuRemote !

I am hoping to use DSL for many of the remote users - some with private DSL
connections - and have opted for SecureClient to enforce our internal security
policy on all client machines (rejected SecuRemote since it doesn't enforce
remote security); however, this is preventing the DHCP services on the DSL
modems from working.

Now I know that the security policy for remote users is derived from the
internal security policy and that DHCP is similar to BOOTP (UDP ports 67 and
68) so I could just open these ports up but given that DHCP/BOOTP is
broadcast based and the IP addresses provided by the various providers will
be live addresses this will also open up broadcasts and/or two UDP ports on
my internal systems -- which are not required.

How do I create a SecuRemote only rule to allow DHCP to function without
lowering the internal security on my network -- sort of a 

Source                  Destination     Service                 Action
SecuRemote User         any             DHCP/BOOTP              allow

Has anyone been here before or know of a workaround?

Advice would be welcome !

Cheers

Tim Chilton
mailto:[EMAIL PROTECTED]

