SecureClient traffic to DMZ and problem with Office Communicator 1

[RegTellis]

Another minor annoyance that I am wondering if someone might have some suggestions for:

1. I am unable to ping anything on my DMZ from my secureclient. Am I missing something in my policy somewhere?

2. I notice that if I use my office communicator through the vpn, all the attributes of it that I normally enjoy when connected to the LAN, I do not have within the VPN. For example, all the corporate address book information does not show up like it does on the lan but I can still do the basic stuff like IM and data share, etc.?

 

[ansellrk]

Is your DMZ defined as part of the 'encrypted domain'? If it isn't then this is the problem.

 

[RegTellis]

Hmmnnn, that makes some kind of sense, i suppose, but i am at a loss as to where exactly I would add/define my DMZ as part of the encrypted domain?

 

[FWHATER]

Try right-clicking on the fw object and choose edit. Look in the right pane and choose topology. Look towards the bottom on the right. There, you should find the vpn encryption domains (that you have previously defined, right ?) The network for your dmz should be in that encrypted domain. You're telling Checkpoint, these are the private networks native to my fw.

Your rule should look something like this:

src destination vpn service
vpn group encyption domain vpn community any

Hope this helps.