Just the internal is on the client. This allows the SecuRemote client access to internal DNS. Since external DNS does not have to be encrypted it accesses that server un-encrypted.
--- "Thompson, Jeff" <[EMAIL PROTECTED]> wrote: > Are the 2 DNS entries to the Userc.C file on the fw > or the client or both? > > -----Original Message----- > From: Chris H [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, November 20, 2001 3:11 PM > To: [EMAIL PROTECTED] > Subject: Re: [FW-1] SecureRemote/SecureClient on > win9x w/ NT authenticatio > n.. > > > We have been pretty successful, but have had to do > some work-arounds to make it NT-like. First is that > we implemented Netswitcher. This allows the person > to > put the corp WINS and DNS information in the > settings > with the click of an icon and reboot to activate it > (we have internal and external DNS for security.) > Make sure that the DNS information is being > encrypted > with the two additions to the userc.C file so that > they can get at the DNS server. We run logon > scripts > that work under SDL with NT but for WIN9X we had to > implement a shortcut icon on the desktop to logon > scripts on the domain controllers. The user has to > double click the icon once they have been > authenticated by the FW which then maps all drives > etc. Even though WIN9X doesn't give a successful > domain logon message, NBT communications work once > the > IP connection is successful. For us it has been > adding the small work arounds to provide what the NT > users have. Just not as smooth and seamless as NT. > > --- "Jarmoc, Jeff" <[EMAIL PROTECTED]> > wrote: > > I've tried that, but I found that any changes made > > to the users WINS > > settings in DUN apply to all their dialup > > connections, clearly that's not a > > good thing if they're dialing an ISP or > occasionally > > dialing other corporate > > networks.. > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, November 20, 2001 10:41 AM > > To: [EMAIL PROTECTED] > > Subject: Re: [FW-1] SecureRemote/SecureClient on > > win9x w/ NT > > authentication.. > > > > > > > > I have had very good luck with Win9x clients and > > dialup. There are a > > couple of things that you need to look at. First > is > > to make sure that the > > Logon to Network option is checked on the DialUp > > Connectoid. Second is to > > make sure your WINS servers are hard coded on the > > system. There is > > supposed to be a way to have the WINS servers > > downloaded and used as part > > of the Site information but I have not been able > to > > get that to work. > > Usually, manually adding the WINS servers to the > > dialup adapter is > > sufficient but on rare occasions they need to be > > added to the DialUp > > Connectoid. > > > > Keith White > > > > > > > > > > "Jarmoc, Jeff" > > > > <[EMAIL PROTECTED]> > > To: > > [EMAIL PROTECTED] > > Sent by: Mailing list for > > discussion cc: > > > > of Firewall-1 > > Subject: > > [FW-1] SecureRemote/SecureClient on win9x w/ NT > > > > <[EMAIL PROTECTED] > > authentication.. > > point.com> > > > > > > > > > > > > 11/20/01 10:41 AM > > > > Please respond to Mailing list > > for > > > > discussion of Firewall-1 > > > > > > > > > > > > > > > > > > > > My company has been experiencing some problems > with > > SecureRemote/SecureClient running on win9x > clients. > > Over the past few > > months, we've been rolling out Firewall-1, and > we're > > at the stage in the > > game where we want to start using Secure Remote. > > However, we've > > encountered a pretty serious problem. It seems to > > work fine on WinNT/2000 > > clients, but on 95, 98, Me, etc.. we're having > quite > > a bit of trouble. > > > > The problem is this. A user who dials up to their > > ISP, can connect and > > successfully authenticate to the firewall via > > secureremote. However, this > > only gives them an IP level connection. What we > > need is for them to be > > able to log on to our NT domain, so they can > access > > file servers, Exchange > > and SQL applications, etc. NT and 2000 clients > > don't appear to have any > > trouble, presumably because of these OS's ability > to > > cache credentials and > > other security differences. Also, 95 and 98 users > > who are on cable, DSL, > > or other always-on internet connections don't > appear > > to have any problem. > > I'm assuming the problem lies in the fact that the > > users need to first > > authenticate to their ISP, then authenticate to > our > > domain. Apparently 9x > > doesn't like this process. > > > > Has anyone successfully gotten this to work with > 95 > > and/or 98? Our > > reseller has been less than helpful, and > checkpoint > > themselves have been of > > little help so I'm really hoping someone out there > > can help me with this. > > Secure Remote is one of the biggest reasons we > > bought this product, and our > > difficulties in getting it working have not been > > received well by > > management, nor have our reseller's lack of follow > > through on helping with > > these problems. It's to the point where it'll be > a > > tough sell to keep > > Checkpoint in place if this isn't resolved soon. > > I've tried the usual > > resources - Phoneboy.com, Nokia's web site, > > Checkpoint and Reseller > > support, so my posting here is really a last > effort. > > > > Our firewalls are Nokia IP 650s, running IPSO > 3.4.1 > > and Firewall-1 SP3. > > We've tried every available secureremote build > with > > the same result. If > > anyone wants any further information I'd be more > > than happy to provide it. > > > > Thanks in advance for your assistance. > > > > =============================================== > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > =============================================== > === message truncated === __________________________________________________ Do You Yahoo!? Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month. http://geocities.yahoo.com/ps/info1 =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
