Hi,

I've been looking at a problem with SecureRemote where DNS is not encrypting
(which puzzles me since I can think of no reason any sysadmin would want
their entire internal DNS internet visible!)

Tech stuff

        FW -  NT4, SP6a, CP2000 4.1 SP1 +hotfix (build 41603)
        Client NT4, SP6a, SR build 4157
        Encryption rule is using FWZ encryption.

Client encryption rule
        SRUsers Any     Any     Client Encrypt

I can dial up, authenticate and do everything except DNS queries (which show
as unencrypted in a packet trace on the workstation).

The CP2000 VPN book includes a section on encrypting DNS and I've done the
dnsinfo.c, userc.c updates etc.; however, the crypt.def update does not in any
way match the code that is already there - there is an "#ifdef
SECUREREMOTE" code block that appears in the existing curly brace section.

Question: Is the CP2000 book wrong, or does the existing code get removed,
added before, after, etc.? (Seeing a couple of surrounding lines in the
printed code extract would be handy!)

Question - Checkpoint -- WHY would I not want to encrypt internal DNS
queries like the rest of my traffic? -- after all, my rules base that I want
to download says "Remote -> Any for Any" -- not "Remote -> Any for anything
but DNS"

Anyone seen this or, better still, know of a fix?

Cheers

Tim