FireWall-1 FAQ: SecuRemote with DSL or Cable Modem Connections
Please note: This content was from when I was operating my FireWall-1 FAQ site, which I stopped operating in August 2005. For some reason people still have links to this stuff on the Internet that people are still clicking on.
I am making this information available again AS IS. Given how old this information is, it is likely wildly inaccurate. I have no plans to update this information.
If you're still running versions of Check Point VPN-1/FireWall-1 where this information is still relevant to you, do yourself a favor and upgrade to a more recent release. If you happen to be running a current release and the information is useful, it's by happenstance :)
Generally speaking, SecuRemote can be used with DSL or Cable connections. However, in many cases, the providers implement certain technologies like NAT and PPPoE (PPP over Ethernet). NAT is problematic because most DSL/Cable modems cannot do NAT in a way that is compatible with SecuRemote. For details about what your NAT must be able to do in order to work with SecuRemote, see the following FAQ: SecuRemote Client and NAT.
PPPoE is starting to become very common with DSL carriers. It effectively treats the DSL connection as a dial-up connection that is brought up on demand. SecuRemote will either have a problem binding to the PPPoE adaptor or will have performance problems. Jim Noble provides the following advice, which helped him:
- Set the MTU size to ~1200 bytes (see Troubleshooting SecuRemote Connections)
- Remove SecuRemote from the startup process and start it manually after the PPPoE connection is brought up (see Disabling SecuRemote on Startup)
Andrew Fullagar got this to work using Network Telesystems Enternet software by performing the following steps:
- Install SR on all adapters - (which you have to anyway)
- Unbind the FW1 Prot from the NIC after reboot
- Check to see TCP/IP has not disappeared for the NIC (Normal TCP/IP - add it back if so)
- Remove TCP/IP for the PPPoE adapter (I found that was the main problem)
- Make sure there is an entry for the FW1 adapter bound to the PPPoE adapter and an entry for TCP/IP bound to the FW1(PPPoE) adapter
- In the Enternet software, under properties for the connection, make sure you choose the NIC as the adapter, not an FW1 adapter.
Victor Rem came across these steps to make it work:
- After re-installing the Enternet 300, kill references of FireWall-1 in the network properties and reboot.
- Re-install Secure Client on all adaptors.
- Reboot in safe-mode.
- In the network settings, kill FW1 (Efficient Networks 4060)
- Add TCP/IP Protocol and remove protocol TCP/IP->Network Telesys PPPoE.
- When you’re done, it should look like:
  - Efficient Networks 4060
  - FW1 Adaptor
  - Network Telesystems 4060
  - FW1->Efficient Networks 4060
  - FW1->Network Telesystems PPPoE
  - TCP/IP->Efficient Networks 4060
  - TCP/IP->FW1
- Reboot in normal mode and everything should work
Deb London claims she was able to get it to work with the 1.3 version of the Enternet 100 software using SecuRemote build 4005.
Kurt Falde says one of his end users was able to get it to work with RASPPPoE with Windows 2000 and Secure Client 4165 (also available for Win98/98SE/ME).
Assuming you can get this to work, the next obvious question is: can I share my Internet connection? Generally speaking, yes. See the following FAQ: SecuRemote and Sharing an Internet Connection