Re: [squid-users] Checkpoint FW1 & Securemote client

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 31 May 2002 09:45:19 +0200

Wei Keong wrote:

> The user is able to use telnet, ftp through Securemote. He should have no
> problem connecting to the Checkpoint firewall. Moreover, the reply is not
> 'authentication failed' but 'page cannot display'.

Verify that the user hasn't configured his browser to use your proxy. If
he has, the proxy configuration of the browser will most likely bypass the
secure tunnel set up by Securemote.

> The problem is the transparent proxy will 'hijack' all port 80 traffic and
> redirect to the Squid box. Seems that with TP it will not work in this case...

If Securemote is doing its job properly in the way described by others
here, your systems should no longer see that the traffic is for
port 80...

If Securemote abuses port 80 for the encrypted tunnel traffic in order
to more easily pass firewalls etc then that is the problem.

What you can do if Securemote abuses port 80 is to exclude the address of
the firewall from your transparent proxying. You do not need to exclude
the user, only this specific destination.
Received on Fri May 31 2002 - 01:48:01 MDT
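
What such a destination-only exclusion can look like when the interception is done with Linux iptables, as an added example that is not part of the message above or of the thread. The use of iptables, the firewall address 192.0.2.10, the interface eth0 and the Squid port 3128 are all assumptions.

```shell
#!/bin/sh
# Added example: assumes Linux netfilter (iptables) performs the port-80 interception.
# All values below are placeholders, not taken from the thread.
FW_ADDR="192.0.2.10"   # Check Point firewall address (documentation-range placeholder)
LAN_IF="eth0"          # interface where client traffic arrives (assumed)
SQUID_PORT="3128"      # local Squid listening port (assumed)

# Print the nat-table rules in the order they must be appended.
# PREROUTING is first-match: the ACCEPT ends nat traversal for packets
# addressed to the firewall, so the REDIRECT below never rewrites them.
# Only the destination is matched; no per-user (source) exception is needed.
emit_rules() {
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp -d $FW_ADDR --dport 80 -j ACCEPT"
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT"
}

# Read rules on stdin (iptables commands or `iptables-save` lines) and
# succeed only if a port-80 ACCEPT/RETURN for destination $1 appears
# before the first port-80 REDIRECT. Fails when there is no REDIRECT,
# or when the exemption is missing or listed too late to take effect.
exemption_precedes_redirect() {
    awk -v fw="$1" '
        /--dport 80/ && /-j REDIRECT/ && !done { ok = seen; done = 1 }
        /--dport 80/ && /-j (ACCEPT|RETURN)/ {
            for (i = 1; i < NF; i++)
                if ($i == "-d" && ($(i+1) == fw || $(i+1) == (fw "/32")))
                    seen = 1
        }
        END { exit ok ? 0 : 1 }
    '
}

# Print the rules for review; nothing is applied to the running system.
emit_rules
```

To audit a live box, feed `iptables-save -t nat` into `exemption_precedes_redirect` with the firewall address as its argument.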
