[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] problems with Securemote
I have problems use Securemote, I'm using FW-1 4.1 with SP1 build 41603 and Securemote 4.1 Sp1 des build 4153, I think that I configured all but I don't know if I miss something I defined and object for the FW with the external IP address, then create a group that will be the domain for encryption and in that group I put the object of the FW and object for my internal network, I mark in the FW object the check box that said Exportable for Securemote. I'm using FWZ encryption scheme, I generate the key manager and the DH key, and check the option of encapsulation, for last I put a rule that allows a group of users to use the service of pop-3 on one of my mail servers and the rule look like this. source destination service action @any Domain_Encript_Group pop-3 client-encrypt In the process to make all these work I notice that the client of securemote can get the keys from the FW, and gets no error at that point but when I try to use the pop-3 service the FW rejected then I put a rule that allows the pop-3 traffic from any to the mail server and then the encryption started to work but the rule that allows the traffic is the second rule so my rule base nows looks like source destination service action @any Domain_Encript_Group pop-3 client-encrypt any Mail_server pop-3 accept all the traffic its encrypted, i notice that cause the log of the FW show entries that said that the machine with securemote is been decrypted and allow it to go to the mail server also there apear the user that I'm using to authenticate but the in the rule field apears the second rule, what could be the problem cause if I disable the second rule the traffic start to get rejected, Thanks to all for your help!!! ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|