Not able "Remote Desktop" servers in DMZ

[AB2AB2]

I have posted this message in "SecureRemote|Client" section, but after some research I see that this section is more suitable.

I am troubled with some strange behaviour of my CheckPoint firewall (or maybe I just not competent enough, of course). My setup is quite traditional - three connections: External, Internal and newly established DMZ. I have remote users that connect via SecureRemore/Client.

When my Secure Client users connect, they have full access to Internal network (Service = Any). They can ping, they can Remote Desktop. Everything wonderfull.

Now I have moved couple of Windows servers to the new DMZ network. I have set the rule that looks like the abovementioned, i.e. allow all my Remote users "Any" to these servers. I can connect via terminal connection from my Internal network, I can ping these servers from Internal network (I have set corresponding rules to achieve this). I have set "VPN domain" to "All IP adresses behind Gateway based on topology information" and "For Remote Access Community traffic" - "Same as a Gateway".

And after all that preparations I start testing Secure Client connection.

Here are results. I am able to browse web site that hosted on one of these moved to DMZ servers (via its private IP-address). But I am not able to ping. And most important, I am not able to "remote desktop".

Does anybody have some bright idea what may be wrong? Please, share it with me!

[RayPesek]

What do the log entries in SmartView Tracker show when you try?

I always manually define my VPN Domain so I'm sure I know what's in it. You can create a group and move the desired networks into it and try it that way.

What version and hotfix level are you on?

Ray