This is not true with secureclient/office mode but it is true with securemote or secureclient. With secureclient/office mode all DNS request are sent to the internal DNS server regardless of domain suffix. Hence the problem. When you define the domain for office mode you do not have the option to add a label count as with the securemote DNS servers, I have found no difference in behavior by leaving the domain name blank under the office mode domain settings.
Secureclient/office mode does work with DNS fail over but this is not split DNS and should not be advertised as such. -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Filler Sagiv-BSF012 Sent: Thursday, December 02, 2004 4:10 AM To: [EMAIL PROTECTED] Subject: Re: [FW-1] split DNS with office mode Ray , As far as I know only DNS queries which go to the internal DNS server (DNS queries which has the internal domain suffix) will actually go there encrypted while all other DNS queries (DNS queries which contains all DNS suffix other then the internal domain) will go to the ISP DNS. The DNS query by default is being sent to the DNS of the ISP. If and only If the SecureClient's kernel "notice" that the suffix "belongs" to the internal server (DNS queries which has the internal domain suffix) then it will perform NAT to the internal DNS server. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
