Wrong officemode adress after changing the office pool

[prdehoop]

Hi,

I have an test situation for taking in production. i expiriense a problem whem i change the officemode pool to an new pool. The old clients still use there old ip adres from the old office pool with it not used anymore.

Is there a way to flush the dhcp table so everybody that logs in get the an new ip of the new pool ?

Regards

Checkpoint NGX R60
Secure client R56 and R60

[melipla]

Unfortunately I've experienced the same thing. I'm not sure if these clients reconnect before the lease time expires enabling them to renew it but there is definitely odd behavior with OM IPs leases.

The easiest way I've found to reset their OM is to remove it. SecureClient records the OM IP it receives into the systems registry. Removing the registry entry will force SecureClient to retrieve a new OM IP.

HKLM\Software\CheckPoint\SecuRemote\5.0\OM

You should see a "OM.<gateway IP>" which has the value of their current OM IP.

HTH

[RayPesek]

I know with R55 you had to reboot the firewall for a change in the Office Mode IP Pool to take effect. There is an SK article about it. I don't know if this needs to be done for NGX, though.

Ray

[Thorpuse]

The issue is still there in NGX. NGX will cache an association between the username and allocated OM IP address for the lease time. cpstop/cpstart will normally fix it IIRC.

[prdehoop]

thanxs all, the only fix we found was cpstop cpstart as mentioned above.

Its a strange bug that isn't fix still not in R60, still need to check R65 if its fixed there, i'm afraid that we need an restart there also..

Keep you'll informed.

[Thorpuse]

It's not a bug, it's by design - the lease is reserved for continuity if the SR/SC connection drops out.

[scottikon]

Securknowledge article sk30550 is worth a read. It does mention about manually clearing the OM connections table on the gateway: -

"* fw tab -t marcipan_ippool_users -x command - used to manually clear the Office Mode connections table on the Gateway; this can be used after making changes to the Office Mode IP addresses, instead of rebooting the Gateway to make those changes effective."