Firewall Wizards mailing list archives

Re: CheckPoint Firewall-1/VPN-1, SecuRemote, Exchange Server and Outlook

From: "Chris 'Chipper' Chiapusio" <chipper () llamas net>
Date: Fri, 23 Nov 2001 21:54:33 -0500 (EST)

On Fri, 23 Nov 2001, Adam C. Hudson wrote:

The problem environment:

+ICI- Remote users connected via SecuRemote 4.1, build 4199 to firewall
module
+ICI- CheckPoint Firewall-1 4.1 with Service Pack 5, Windows NT 4.0 with
Service Pack 6a
+ICI- Microsoft Exchange Server 2000, Service Pack 1

The network in question here has remote users connecting via SecuRemote
to access Microsoft Exchange Server using Microsoft Outlook client
software (97, 2000 and XP).  As many of you know, getting the ports
nailed down on Exchange server and getting Firewall-1 to filter
everything properly is a bit tricky, but having been through it many
times, it was configured quickly and works perfectly for all the MAPI
communication.

However, we are experiencing one annoying side effect.  Microsoft
Exchange server uses UDP packets to notify connected Outlook clients of
new incoming mail and other relevant events.  While connected via
SecuRemote, these notifications never make it properly to the client


[snip]


Has anyone experienced this problem, or something loosely connected to
it?  I would love to get this solved, as the users complain constantly
about this side effect.


FW1 4.1SP2 Nokia Modules
SR Build 4185
Win2k client w/ OfficeXP

Works here, You may want to turn on IP Pool NAT in policy properties and 
add pool nat networks in each of your SR gateway firewalls.  this does 
inbound translation of your SR sessions and fixes alot of the MS RPC 
and UDP issues.

Chipper

------
                      Please encrypt anything important.
   PGP Key: http://wwwkeys.pgp.net:11371/pks/lookup?op=get&search=0x6CFA486D
"They that can give up essential liberty to obtain a little 
    temporary safety deserve neither liberty nor safety " - Benjamin Franklin

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

Current thread:

CheckPoint Firewall-1/VPN-1, SecuRemote, Exchange Server and Outlook Adam C. Hudson (Nov 23)
- Re: CheckPoint Firewall-1/VPN-1, SecuRemote, Exchange Server and Outlook Chris 'Chipper' Chiapusio (Nov 25)
- <Possible follow-ups>
- RE: CheckPoint Firewall-1/VPN-1, SecuRemote, Exchange Server and Outlook Adam C. Hudson (Nov 29)
  - RE: CheckPoint Firewall-1/VPN-1, SecuRemote, Exchange Server and Outlook David Hawley (Nov 30)