Re: Checkpoint Securemote blocking access from internal network...?

From: AlienMojo (Dont_at_sendit.now)
Date: 09/30/03


Date: Tue, 30 Sep 2003 11:39:34 -0700

On Tue, 30 Sep 2003 11:25:13 -0700, Chester Perry wrote:

> I still have a problem with Checkpoint Securemote NG blocking internal
> network traffic.
>
> Running a Win 2K machine on an internal NAT'd network.
>
> As soon as the machine connects to the remote VPN, it becomes invisible
> to the internal network (can't ping it even).
>
> I can live with that, but even after I stop Securemote, and also stop
> the Checkpoint WatchDog service manually, the machine remains invisible
> to the internal network.
>
> Is there any way I can re-connect to the internal network after the VPN
> session is completed without re-booting at the OS level?

It sounds like the machine is running SecureClient and not SecuRemote.
SecureClient acts as a personal firewall in addition to being a VPN
client. It gets its policy from the gateway it connects to and that
policy is probably blocking inbound connections. They are actually the
same product/installation, but choices made during the install determine
which version is activated.

Even if you stop SecureClient the policy is active. You need to disable
the policy before you stop the client. It is an option on the client
menu. That would restore your connectivity to/from systems other than the
remote VPN. Keep in mind that depending on how the gateway is configured
it has the ability to check if the policy is disabled. Disabling the
policy might cause the VPN to fail.

-- 
AlienMojo

