View Single Post
  #3   (View Single Post)  
Old 15th June 2008
ohauer ohauer is offline
Port Guard
Join Date: May 2008
Location: germany
Posts: 32

If the user use CheckPoint SecuRemote/SecureClient, it is easy to create the rules.

This passage is from the CheckPoint manual.

If a SecuRemote/SecureClients is located behind a non-Check Point firewall, the following ports must be opened on the firewall to allow SecuRemote/SecureClient traffic to pass:
Table 1-16 ports to open for non-Check Point firewalls port explanation
UDP port 500       | always, even if using IKE over TCP  
TCP port 500       | only if using IKE over TCP  
IP protocol 50 ESP | unless always using UDP encapsulation  
UDP port 2746      | configurable; only if using UDP encapsulation  
UDP port 259       | only if using MEP, interface resolving or interface High Availability
If you think this are to much, contact the Firewall Administrator at the CheckPoint side and ask if he supports Visitor Mode (HTTPS).
Reply With Quote