I have always understood that Client Auth had to be above Stealth rules. This is what I have found in the Checkpoint documentation:
Quote:
Make sure all Client Authentication Rules are placed above the Rule that prevents
direct connections to the VPN-1 Pro Gateway (the “Stealth Rule”), so that they
have access to the VPN-1 Pro Gateway. |
Do you have any other rules that allow access for client auth to be below your stealth rule?