Lets see if this makes sense for the group.

I have CPFP3 and a lot of secure remote users out there.

I use
any -> web.server -> http -> accpt
rule to allow web access into the web server

I also use,
secrmt@any -> web.server/ftp.server -> tcp.xxx -> client-encrypt
rule to allow secrmt users to allow encrypted access into web/ftp
server on tcp.xxx port.

As I understand it, when a remote usrs brings up secure remote and
acceses web server on http port, that connection is encrypted as well.
well this is not working for my securemote users out there, they can
access web/ftp on tcp.xxx port but they get no access to web server on
http port/

why?

I looked thru the checkpoint knowledgebase but nothing. and I wanted
to post this question here first before I contact tech support.