Firewall Wizards mailing list archives
CheckPoint Firewall-1/VPN-1, SecuRemote, Exchange Server and Outlook
From: "Adam C. Hudson" <adam () inergy net>
Date: Fri, 23 Nov 2001 07:49:20 -0700
The problem environment:

• Remote users connected via SecuRemote 4.1, build 4199 to firewall module
• CheckPoint Firewall-1 4.1 with Service Pack 5, Windows NT 4.0 with Service Pack 6a
• Microsoft Exchange Server 2000, Service Pack 1

The network in question here has remote users connecting via SecuRemote to access Microsoft Exchange Server using Microsoft Outlook client software (97, 2000 and XP). As many of you know, getting the ports nailed down on Exchange server and getting Firewall-1 to filter everything properly is a bit tricky, but having been through it many times, it was configured quickly and works perfectly for all the MAPI communication.

However, we are experiencing one annoying side effect. Microsoft Exchange server uses UDP packets to notify connected Outlook clients of new incoming mail and other relevant events. While connected via SecuRemote, these notifications never make it properly to the client side. Of course, Firewall-1 indicates the outbound packets are accepted and encrypted, but they are never actually decoded and utilized on the client machine. This renders the Outlook clients a little in the dark, as the users must perform other actions inside Outlook before their mail is delivered (as it contacts the server).

As a test, we had select users attach to the network via PPTP protocol to a Microsoft Windows 2000 server through the Firewall-1 module. By doing this, the UDP new mail notifications from the Exchange server work perfectly. Therefore, we have narrowed it down to something within Firewall-1 or SecuRemote.

There is a REALLY ambiguous entry in the CheckPoint Knowledgebase that may be related:

---------------------------------------------------
Solution: UDP encapsulated packets do not reach the destination (skI4512)

Solution is yet not available. Currently under investigation.

Problem Description
UDP encapsulated packets do not reach the destination
UDP Encapsulated packets report about incorrect packet size
UDP encapsulated packets are dropped by Cisco PIX with intrusion detection software installed
---------------------------------------------------

Has anyone experienced this problem, or something loosely connected to it? I would love to get this solved, as the users complain constantly about this side effect.

Adam Hudson
Networking and Security Consultant
Office 720-348-0564
Fax 720-294-0778

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards