SecureClient blocking all inbound...despite policy allowing all.

[rstockton]

I have an NG FP2 firewall and SecuClient clients. I'm testing a policy that allows pcanywhere from the encryption domain (me) to a secure client for tech support. However, the client log shows the port being blocked even though it's opened.

I've tried changing the client's policy to allow any, yet the log on the client still shows the port being blocked.

Any suggestions?

 

[Piloria]

Look at the firewall log
this will tell you how the firewall is handaling it (and by which rule)
you may find the firewall blocking by a diferent method.

 

[rstockton]

The log (on the client) shows the pcanywhere ports being blocked. The checkpoint log shows the traffic outbound being encrypted to the secure client.

I wonder if I need the rule to be "encrypt" instead of "allow"...

...brb

 

[dfedders]

Is your rule allowing the pcanywhere ports BEFORE any rules that would be blocking that port? Checkpoint takes the rules in order, and if you have one that blocks anything incoming, and then one allowing something after, it won't work.

 

[rstockton]

The "clean-up" rule is last. For testing..i've even tried any/any/accept/all.

Piloria...messing w/"encrypt" did not help either.

The Desktop Policy shows:

Inbound:
accept all

Outbound:
accept all

Yet the Desktop log still is blocking inbound...