Hi Sam, http://www.isaserver.org/pages/newsletters/July.asp HTH< Tom Thomas W Shinder www.isaserver.org/shinder ISA Server 2004 Beta - Coming Soon ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Sam Chapman [mailto:adminone@xxxxxxxxxxx] Sent: Friday, January 23, 2004 7:12 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Checkpoint client http://www.ISAserver.org Dean, Thanks so much for the script. I did run run it, which did create the listed protocol definitions. I have been aware of which protocols to create but I just created packet filters instead of protocol definitions. I wasn't sure if Secure NAT clients would use those protocols without a packet filter. Anyways, I am still not able to get the packets to go thru ISA. I am using the latest secure remote client, WINS and DNS are functioning properly. Do I need to create any packet filters because at this point all I did is run the script? For most of my published servers which are Secure NAT clients I had to create packet filters or the publishing rules did. Right now I get the error: Communication with gateway 000.000.000.000. At site XXX failed. Any suggestions are much appreciated. Sam -----Original Message----- From: rdean@xxxxxxxxxxxxxxxx [mailto:rdean@xxxxxxxxxxxxxxxx] Sent: Thursday, January 22, 2004 5:53 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Checkpoint client http://www.ISAserver.org I ran these scripts and it ran great. I worked on this for a year. Found that the version of secure remote matters. Must be the NG version. I could not get it to work using the firewall client and make sure your wins / dns are working from your server. This is the first part of the script. Look through and change ("Your Server name here"). to your server. Secure Remote Script 1: Const ERROR_ALREADY_EXISTS = 183 Sub CheckError() On Error Resume Next If (Err.Number <> 0) And (Err.Number <> ERROR_ALREADY_EXISTS) Then MsgBox "An error has occured:" & vbCrLf & Err.Description & Err.Number WScript.Quit Err.Number End If End Sub On Error Resume Next Set ISA = CreateObject("FPC.Root") ISA.Refresh Set Elements = ISA.Arrays("Your Server name here").PolicyElements Set APolicy = ISA.Arrays("Your Server name here").ArrayPolicy Set Publishing = ISA.Arrays("dean0").Publishing '------------------------------------------------------- Set Protocols = Elements.Protocoldefinitions Set NewDefinition = Protocols.AddUDP ("002 SecuRemote Auth",3,500) CheckError NewDefinition.Description = "CheckPoint Key Control port." Set NewDefinition = Protocols.AddUDP ("004 CheckPoint UDP Encapsulation",3,2746) CheckError NewDefinition.Description = "CheckPoint UDP Encapsulation port" Set NewDefinition = Protocols.AddTCP ("006 SecuRemote Topo",1,264) CheckError NewDefinition.Description = "CheckPoint: Topology port" Set NewDefinition = Protocols.AddUDP ("008 FW1_PSLogon_NG",3,18231) CheckError NewDefinition.Description = "CheckPoint: used for SecureClient's logon to Policy Server protocol" Set NewDefinition = Protocols.AddTCP ("0010 FW1_SCV_Keep_Alive",1,18233) CheckError NewDefinition.Description = "CheckPoint: used for SCV keep-alive packets" Set NewDefinition = Protocols.AddTCP ("0012 FW1_SDS_Logon",1,18232) CheckError NewDefinition.Description = "CheckPoint: used for SecureClient's Software Distribution Server download protocol" Protocols.Save CheckError MsgBox "SecuRemote Setup finished succesfully. It is recommended that you restart ISA services after importing." Secure Remote Script 2: Const ERROR_ALREADY_EXISTS = 183 Sub CheckError() On Error Resume Next If (Err.Number <> 0) And (Err.Number <> ERROR_ALREADY_EXISTS) Then MsgBox "An error has occured:" & vbCrLf & Err.Description & Err.Number WScript.Quit Err.Number End If End Sub On Error Resume Next Set ISA = CreateObject("FPC.Root") ISA.Refresh Set Elements = ISA.Arrays("Your Server Name").PolicyElements Set APolicy = ISA.Arrays("Your Server Name").ArrayPolicy Set Publishing = ISA.Arrays("Your Server Name").Publishing '------------------------------------------------------- Set Protocols = Elements.Protocoldefinitions Set NewDefinition = Protocols.AddUDP ("003 SecuRemote Auth",2,500) CheckError NewDefinition.Description = "CheckPoint Key Control port." Set NewDefinition = Protocols.AddUDP ("005 CheckPoint UDP Encapsulation",2,2746) CheckError NewDefinition.Description = "CheckPoint UDP Encapsulation port" Set NewDefinition = Protocols.AddTCP ("007 SecuRemote Topo",0,264) CheckError NewDefinition.Description = "CheckPoint: Topology port" Set NewDefinition = Protocols.AddUDP ("009 FW1_PSLogon_NG",2,18231) CheckError NewDefinition.Description = "CheckPoint: used for SecureClient's logon to Policy Server protocol" Set NewDefinition = Protocols.AddTCP ("011 FW1_SCV_Keep_Alive",0,18233) CheckError NewDefinition.Description = "CheckPoint: used for SCV keep-alive packets" Set NewDefinition = Protocols.AddTCP ("013 FW1_SDS_Logon",0,18232) CheckError NewDefinition.Description = "CheckPoint: used for SecureClient's Software Distribution Server download protocol" Protocols.Save CheckError MsgBox "SecuRemote Setup finished succesfully. It is recommended that you restart ISA services after importing." ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: adminone@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')