Re: Checkpoint client

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Fri, 23 Jan 2004 19:27:27 -0600

Hi Sam,

http://www.isaserver.org/pages/newsletters/July.asp

HTH<
Tom

Thomas W Shinder
www.isaserver.org/shinder 
ISA Server 2004 Beta - Coming Soon
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 


-----Original Message-----
From: Sam Chapman [mailto:adminone@xxxxxxxxxxx] 
Sent: Friday, January 23, 2004 7:12 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Checkpoint client


http://www.ISAserver.org

Dean,

Thanks so much for the script. I did run run it, which did create the
listed
protocol definitions. I have been aware of which protocols to create but
I
just created packet filters instead of protocol definitions. I wasn't
sure
if Secure NAT clients would use those protocols without a packet filter.
Anyways, I am still not able to get the packets to go thru ISA. I am
using
the latest secure remote client, WINS and DNS are functioning properly.
Do I
need to create any packet filters because at this point all I did is run
the
script? For most of my published servers which are Secure NAT clients I
had
to create packet filters or the publishing rules did.  Right now I get
the
error: Communication with gateway 000.000.000.000. At site XXX failed.
Any
suggestions are much appreciated.

Sam

-----Original Message-----
From: rdean@xxxxxxxxxxxxxxxx [mailto:rdean@xxxxxxxxxxxxxxxx] 
Sent: Thursday, January 22, 2004 5:53 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Checkpoint client

http://www.ISAserver.org

I ran these scripts and it ran great. I worked on this for a year. Found
that the version of secure remote matters. Must be the NG version. I
could
not get it to work using the firewall client and make sure your wins /
dns
are working from your server.
This is the first part of the script. Look through and change ("Your
Server name here"). to your server.

Secure Remote Script 1:

Const ERROR_ALREADY_EXISTS = 183
Sub CheckError()
On Error Resume Next
If (Err.Number <> 0) And (Err.Number <> ERROR_ALREADY_EXISTS) Then
MsgBox "An error has occured:" & vbCrLf & Err.Description & Err.Number
WScript.Quit Err.Number
End If
End Sub

On Error Resume Next
Set ISA = CreateObject("FPC.Root")
ISA.Refresh
Set Elements = ISA.Arrays("Your Server name here").PolicyElements
Set APolicy = ISA.Arrays("Your Server name here").ArrayPolicy
Set Publishing = ISA.Arrays("dean0").Publishing

'-------------------------------------------------------
Set Protocols = Elements.Protocoldefinitions
Set NewDefinition = Protocols.AddUDP ("002 SecuRemote Auth",3,500)
CheckError
NewDefinition.Description = "CheckPoint Key Control port."

Set NewDefinition = Protocols.AddUDP ("004 CheckPoint UDP
Encapsulation",3,2746)
CheckError
NewDefinition.Description = "CheckPoint UDP Encapsulation port"

Set NewDefinition = Protocols.AddTCP ("006 SecuRemote Topo",1,264)
CheckError
NewDefinition.Description = "CheckPoint: Topology port"

Set NewDefinition = Protocols.AddUDP ("008 FW1_PSLogon_NG",3,18231)
CheckError
NewDefinition.Description = "CheckPoint: used for SecureClient's logon
to
Policy Server protocol"

Set NewDefinition = Protocols.AddTCP ("0010 FW1_SCV_Keep_Alive",1,18233)
CheckError
NewDefinition.Description = "CheckPoint: used for SCV keep-alive
packets"

Set NewDefinition = Protocols.AddTCP ("0012 FW1_SDS_Logon",1,18232)
CheckError
NewDefinition.Description = "CheckPoint: used for SecureClient's
Software
Distribution Server download protocol"

Protocols.Save
CheckError
MsgBox "SecuRemote Setup finished succesfully. It is recommended that
you
restart ISA services after importing."

Secure Remote Script 2:


Const ERROR_ALREADY_EXISTS = 183
Sub CheckError()
On Error Resume Next
If (Err.Number <> 0) And (Err.Number <> ERROR_ALREADY_EXISTS) Then
MsgBox "An error has occured:" & vbCrLf & Err.Description & Err.Number
WScript.Quit Err.Number
End If
End Sub

On Error Resume Next
Set ISA = CreateObject("FPC.Root")
ISA.Refresh
Set Elements = ISA.Arrays("Your Server Name").PolicyElements
Set APolicy = ISA.Arrays("Your Server Name").ArrayPolicy
Set Publishing = ISA.Arrays("Your Server Name").Publishing

'-------------------------------------------------------
Set Protocols = Elements.Protocoldefinitions
Set NewDefinition = Protocols.AddUDP ("003 SecuRemote Auth",2,500)
CheckError
NewDefinition.Description = "CheckPoint Key Control port."

Set NewDefinition = Protocols.AddUDP ("005 CheckPoint UDP
Encapsulation",2,2746)
CheckError
NewDefinition.Description = "CheckPoint UDP Encapsulation port"

Set NewDefinition = Protocols.AddTCP ("007 SecuRemote Topo",0,264)
CheckError
NewDefinition.Description = "CheckPoint: Topology port"

Set NewDefinition = Protocols.AddUDP ("009 FW1_PSLogon_NG",2,18231)
CheckError
NewDefinition.Description = "CheckPoint: used for SecureClient's logon
to
Policy Server protocol"

Set NewDefinition = Protocols.AddTCP ("011 FW1_SCV_Keep_Alive",0,18233)
CheckError
NewDefinition.Description = "CheckPoint: used for SCV keep-alive
packets"

Set NewDefinition = Protocols.AddTCP ("013 FW1_SDS_Logon",0,18232)
CheckError
NewDefinition.Description = "CheckPoint: used for SecureClient's
Software
Distribution Server download protocol"

Protocols.Save
CheckError
MsgBox "SecuRemote Setup finished succesfully. It is recommended that
you
restart ISA services after importing."

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
adminone@xxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » Checkpoint client
• » RE: Checkpoint client
• » Checkpoint client
• » Re: Checkpoint client
• » Re: Checkpoint client
• » Re: Checkpoint client
• » RE: Checkpoint client
• » Re: Checkpoint client
• » Re: Checkpoint client

1. Home
2. isalist
3. Archive
4. 01-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---