[fw-wiz] SecureClient netbios broadcast on office mode connection

From: David West (davidawest_at_gmail.com)
Date: 10/24/05

To: firewall-wizards@honor.icsalabs.com
Date: Mon, 24 Oct 2005 17:02:50 +1000

Hi all,
I have a problem with SecureClient when using a USB mobile broadband
CDMA device for Internet connectivity. I don't think the problem is
particular to the network transport or the device used for the
connection, but a problem with SecureClient and this particular

I connect to my ISP using a regular dial-up networking connection. My
ISP assigns me a private address for the connection (e.g. 10.x.x.x),
this is obviously NAT'd to a public address when I access the
Internet. When I use SecureClient to connect to VPN the connection
drops. Looking at a packet capture on the client, SecureClient
connects (office mode), authenticates and does a netbios broadcast to
my vpn ip pool broadcast address with a source address from my IP pool
(eg. SRC: > DST: This broadcast
triggers anti-spoofing rules at my ISP and a ppp renegotiation, which
tears down the connection and consequently the VPN fails.

I've tested and can reproduce this behaviour with clients using
Windows XP SP1 and SP2, with and without Windows firewall enabled.
I've tested many client changes, including disabling netbios over
tcp/ip for the dialup networking connection, changing the netbios node
type and disabling services (server, netlogon, workstation, computer
browser, tcp/ip netbios helper), all to no avail. Disabling services
to prevent netbios does work, but breaks other Windows functionality.

I have a call open with Checkpoint support, but it's getting nowhere.
Any help would be appreciated. Enforcement modules are NG FP3 and
SecureClient is R56-HFA03-B619.

