Possibly a question for a Checkpoint forum, but I can't seem to find too much info, plus I do not administer the ChkPt.
I have users on a customer site with various versions, mainly 4.7.x but some 5.x, which is where I have the problem.
Some 4.7.x clients would get session dropouts with "Lost Service" in the PIX 8.x logs. The ChkPt admin let me know inbound (to customer site) udp-500 was getting dropped and I got him to open it up. This has fixed the 4.7 issues.
But the 5.x clients, which I'd like to roll out, still have some problems, and the ChkPt admin has seen various UDP drops including 1063-1065 and 1410. There are probably others, but he just looked at a few logs.
The ChkPt does no NATing; it is a private WAN link (but VPN client access is still required).
Does anyone know:
- What ports 5.x uses and how to force it from the PIX?
- Or a ChkPt rule that allows VPN passthrough
- Or if the above is possible considering 5.x seems to use a moving set of ports.
Any help much appreciated,