
Re: [FW1] Serious problem with SecuRemote Encapsulated FWZ + NAT




On Tue, Mar 14, 2000 at 11:20:19AM -0500, Dan Herold wrote:

> It appears FW-1 maintains some sort of state table where the incoming IP
> address is remembered as being a SecuRemote client and all return packets
> are sent encrypted. Our only solution up to now was to simply wait for the
> gateway to expire the SecuRemote session (sometimes takes 20 mins, sometimes
> hours) and resume routing the return packets in cleartext.

This is correct. I believe it stores this information in the userc_rules
table.
 
> My question is: is there a way we can FORCE FW1 to STOP encrypting the
> return packets, and reset the connection table? Bouncing the FW daemon has
> no effect. We're running FW-1 (NT) ver. 4.0 SP5. Our SecuRemote clients (4.0
> build 4005) all use encapsulated FWZ for access into our NT domain using
> RADIUS authentication.

I have a feeling that might cause more problems than it solves, but you
could probably do something like redefine the userc_rules table with
"lower" defaults. You can certainly flush the userc_rules table by using
the command:

fw tab -x userc_rules

-- PhoneBoy

