> On 03/16/2011 04:31 AM, rh at ffpx dot de wrote:
>> Hi,
>>
>> I have enabled CP. As I have sometimes home-office I connected my
>> enterprise laptop with check-point VPN-Client.
>>
>> I put ALL MAC-Adresses of that Notebook, even the virtual of the
>> checkpoint-client also as something like a Toredo-tunnel and the
>> ethernet-MAC into the "MAC-pass-through" list - 3 lines all together.
>>
>> But when I try to connect I get something like connection not possible
>>
>> When I disable captive portal, the connection is established without
>> problems
>>
>> Does anybody have an idea - why and/or how I could making connect this
>> WITH Captive Portal?
>
> With MAC address passthrough, you still have to establish a http  
> connection first.  MAC address passtrhough is like  
> pre-authentication, but you still need to athunticate. What you want  
> is Allowed IP addresses, and a static DHCP assignment.  Than you can  
> start with the VPN.
>
> 			Lee
>
Hi Lee,

thanks a lot for your tips - It works now fine! - But I am wondering,  
why all clients until now were able to connect via http and https to  
the internet only with passtrough by mac-address...?
NOW as I put in the first IP in allowed IP-Addresses I had also to put  
other addresses to make them work again, since they were now suddenly  
blocked... - strange behaviour -...

But as I see, security is not really easy to realize - there is a lot  
stuff to know...;-(

Ralf