On Firewall-1 v4.0 I have been able to use SecuRemote with FWZ key scheme by just allowing "FW1" (tcp port 256) from any to the Firewall as well as the relevant client encrypt rules and unchecking the "accept Firewall-1 control connections" box in the policy properties. However on Firewall-1 v4.1, I find that I need to select "accept VPN-1 & Firewall-1 control connections" in the policy properties. I cannot seem to get SecuRemote to work by using specific rules in the rulebase. I have tried the following two rules without success: a) Src: Any Dst: Firewall Svc: FW1, FW1_key, FW1_topo, RDP Act: Accept Trk: Long b) Src: SecuRemote-Client Dst: Firewall Svc: Any Act: Accept Trk: Long Src: Firewall Dst: SecuRemote-Client Svc: Any Act: Accept Trk: Long In both cases, I also had the appropriate client encrypt rules present. The symptoms I see are that I can add the Firewall "site" OK, and the authentication dialog box appears. However authentication fails with "communication failed" message. Allowing "accept VPN-1 & Firewall-1 control connections" in the policy properties makes SecuRemote work fine. Does anyone know what has changed from V4.0 to V4.1 regarding SecuRemote that causes this? Is it possible to allow SecuRemote with just rules in the rulebase and not with "accept VPN-1 & Firewall-1 control connections" in the policy properties? I'm using Firewall-1 v4.1[DES] SP1 on Windows NT 4.0 SP5. SecuRemote is v4.1 [DES] on Win-95. I am using DES encryption, MD5 integrity and FWZ key exchange. Roy Hills -- Roy Hills Tel: +44 1634 721855 NTA Monitor Ltd FAX: +44 1634 721844 14 Ashford House, Beaufort Court, Medway City Estate, Email: [EMAIL PROTECTED] Rochester, Kent ME2 4FA, UK WWW: http://www.nta-monitor.com/ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
