Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

RE: CheckPoint Firewall-1/VPN-1, SecuRemote, Exchange Serverand Outlook

From: "Adam C. Hudson" <adam () inergy net>
Date: Wed, 28 Nov 2001 12:07:13 -0700
I actually had that thought, about IP NAT Pools, which actually happen
to be on in this configuration.  We performed some testing with no NAT
pool and it had no affect on things.

Adam Hudson
Networking and Security Consultant
Office 720-348-0564
Fax 720-294-0778


-----Original Message-----
From: Chris 'Chipper' Chiapusio [mailto:chipper () llamas net] 
Sent: Friday, November 23, 2001 7:55 PM
To: Adam C. Hudson
Cc: firewall-wizards () nfr com
Subject: Re: [fw-wiz] CheckPoint Firewall-1/VPN-1, SecuRemote, Exchange
Serverand Outlook

On Fri, 23 Nov 2001, Adam C. Hudson wrote:


The problem environment:

+ICI- Remote users connected via SecuRemote 4.1, build 4199 to firewall
module
+ICI- CheckPoint Firewall-1 4.1 with Service Pack 5, Windows NT 4.0

with

Service Pack 6a
+ICI- Microsoft Exchange Server 2000, Service Pack 1

The network in question here has remote users connecting via SecuRemote
to access Microsoft Exchange Server using Microsoft Outlook client
software (97, 2000 and XP).  As many of you know, getting the ports
nailed down on Exchange server and getting Firewall-1 to filter
everything properly is a bit tricky, but having been through it many
times, it was configured quickly and works perfectly for all the MAPI
communication.

However, we are experiencing one annoying side effect.  Microsoft
Exchange server uses UDP packets to notify connected Outlook clients of
new incoming mail and other relevant events.  While connected via
SecuRemote, these notifications never make it properly to the client


[snip]



Has anyone experienced this problem, or something loosely connected to
it?  I would love to get this solved, as the users complain constantly
about this side effect.


FW1 4.1SP2 Nokia Modules
SR Build 4185
Win2k client w/ OfficeXP

Works here, You may want to turn on IP Pool NAT in policy properties and

add pool nat networks in each of your SR gateway firewalls.  this does 
inbound translation of your SR sessions and fixes alot of the MS RPC 
and UDP issues.

Chipper

------
                      Please encrypt anything important.
   PGP Key:
http://wwwkeys.pgp.net:11371/pks/lookup?op=get&search=0x6CFA486D
"They that can give up essential liberty to obtain a little 
    temporary safety deserve neither liberty nor safety " - Benjamin
Franklin

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: