Checkpoint Securemote VPN connection over enterprise network.

Posted on 2004-11-19
Last Modified: 2013-11-16
We have been asked to connect to an application hosted on the Internet using Checkpoint Securemote and will need to install the client software on some of our users' PCs. Obviously as we are not authenticating the client request, we just need to route the connection request across our LAN/WAN and out through our firewalls (a mix of Checkpoint FW1 and Gauntlet). My question is:-

Do we just have to enable TCP port 264 on the firewall to pass the request out to the big wide world, or is there a different/better way of doing this?

Question by:Madders
    LVL 14

    Accepted Solution

    You enable it on the firewall, but what you enable depends on the client settings.

    Your best bet is to get it working in a non-firewalled lab environment and then use a sniffer to see exactly what protocols and ports are in use.

    You're likely to see UDP/500 for IKE and also IP/ESP for data transfer.
    LVL 3

    Assisted Solution

    If "IKE over TCP" is turned on, add TCP/500 to the list, and if "NAT traversal"="UDP encapsulation" is turned on, add UDP/2746 as well.
    If you're using SecuRemote NG R56, it has this new mode, called "Visitor Mode". It passes all traffic, including key exchange, etc., through a regular TCP/443. To turn it on, go to Settings->Properties->Advanced tab->Visitor mode. Keep in mind the ~50% traffic rate drop penalty... (No free lunch) :-)
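
The lab capture suggested in the accepted answer, reduced to a list of outbound rules, as an added example that is not part of the original thread. It assumes the sniffer output is IPv4 text in `tcpdump -n` style; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Ports and protocols named in the thread; the labels are this example's wording.
NAMED = {
    ("tcp", 264): "port from the question", ("udp", 500): "IKE",
    ("tcp", 500): "IKE over TCP", ("udp", 2746): "NAT traversal, UDP encapsulation",
    ("tcp", 443): "Visitor Mode", ("esp", None): "IP/ESP data transfer",
}
# Assumed input: text lines in `tcpdump -n` style (IPv4 only).
LINE = re.compile(r"IP (?P<src>\S+) > (?P<dst>[^:\s]+): (?P<rest>.*)")

def split_addr(addr):
    parts = addr.split(".")  # tcpdump prints a.b.c.d.port, or a.b.c.d for ESP
    if len(parts) == 5 and parts[4].isdigit():
        return ".".join(parts[:4]), int(parts[4])
    return addr, None

def flows_to_gateway(lines, gateway):
    """Count client-to-gateway packets per (protocol, destination port)."""
    seen = Counter()
    for line in lines:
        m = LINE.search(line)
        host, port = split_addr(m["dst"]) if m else (None, None)
        if host != gateway:
            continue  # unparsed lines, replies and unrelated traffic are ignored
        if m["rest"].startswith("ESP("):
            seen[("esp", None)] += 1
        elif port is not None:
            proto = "tcp" if m["rest"].startswith("Flags [") else "udp"
            seen[(proto, port)] += 1
    return seen

def egress_rules(seen):
    """Turn the counts into (rule, packets, note) rows for a firewall change request."""
    rows = []
    for (proto, port), n in sorted(seen.items(), key=lambda kv: (kv[0][0], kv[0][1] or 0)):
        rule = proto if port is None else f"{proto}/{port}"
        rows.append((rule, n, NAMED.get((proto, port), "not named in the thread, review")))
    return rows

SAMPLE = [  # constructed capture lines, not from a real session
    "12:00:01.10 IP 10.1.1.20.1045 > 203.0.113.10.264: Flags [S], seq 1, length 0",
    "12:00:02.10 IP 10.1.1.20.500 > 203.0.113.10.500: isakmp: phase 1 I ident",
    "12:00:02.20 IP 203.0.113.10.500 > 10.1.1.20.500: isakmp: phase 1 R ident",
    "12:00:03.10 IP 10.1.1.20 > 203.0.113.10: ESP(spi=0x1,seq=0x1), length 100",
    "12:00:03.20 IP 10.1.1.20.1050 > 192.0.2.53.53: 4660+ A? example.com. (29)",
]
```

Calling `egress_rules(flows_to_gateway(SAMPLE, "203.0.113.10"))` lists only what the client actually sent to the gateway, so the firewall change can be limited to those rows.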

