[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] Problems after 4.1SP5 to NG FP2 migration
Last weekend, we turned off our 4.1SP5 firewall and turned on our NG FP2 firewall. Although the vast majority of the system is working properly, we are having a lot of problems with SecuRemote. Prior to the changeover, we made sure that all staff were either using the 4.1 build 4199 copy or the NG build 52057 copy. Everyone was successfully connecting to the 4.1 firewall using IKE and 3DES. We are seeing a number of problems with the NG firewall and SecuRemote: 1. Inability to get the site details, with the error "Communication with site has failed". 2. Where staff have managed to get the topology, their sessions are failing after a few minutes. For example, I'll start using IMAP through SR and authenticate myself. About 5-10 minutes later, my IMAP client will fail to communicate with the firewall. 3. Rules aren't behaving as they were with 4.1. For example, there is a rule that allows members of the IT Department access to the internal network for any service. With 4.1, I was able to use Outlook in offline mode and synchronise with Exchange. This doesn't work with NG. As a result, I am temporarily using IMAP to communicate with Exchange. In addition, we have done a lot of work with NG on making more use of groups of users. For example, we have an MSExchangeUsers group that consists of departmental groups, e.g. Publishing, Software, IT, etc. There is a rule that allows users of the MSExchangeUsers access to the internal IP address of the Exchange server for ANY service. However, that rule doesn't work for me - even for IMAP. Disabling that rule and enabling the IT rule *does* allow me to use IMAP on Exchange. Has anyone else seen problems with nested groups? This has become a very painful and embarrassing problem. Can anyone suggest any settings I can check or anything else to investigate further? Thanks. --Philip -- Philip Colmer MBCS CEng Tel: 01223 271223 I.T. Manager Fax: 01223 215513 ProQuest Information & Learning The Quorum, Barnwell Road, Cambridge, CB5 8SW ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|