| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FW1] Split DNS with SecuRemote and 4.1 does not work even a little
I'm going bald trying to get this to work.
I have been trying to go over the split DNS configuration on my firewall (4.1/ SP2), and cannot get it to work. Per the documentation I've found on this mailing list and on Phoneboy, I've done the following:
1) Created a dnsinfo.C file in the $FWDIR/conf directory on the firewall (the Management module and firewall are one and the same)
2) Edited the userc.C file on the SecuRemote client.
Here's what I get:
The userc.c file looks no different when I update the site from SecuRemote. I'm not sure what it's supposed to look like, or what it's supposed to download.
I can only ping my DNS server, nothing defined as a host on the DNS server.
My dnsinfo.C looks like this:
(
:dns_servers (
: (kramer.firewall
:obj (
: (10.1.100.100)
)
:topology (
: (
:ipaddr (10.1.0.0)
:ipmask (255.255.0.0)
)
)
...etc., etc. per the instructions and addendums.
Questions: what is the significance of the dns_svr_name.fw_name fields, and where is it getting this information? Does the DNS server need to be identified as a workstation object on the firewall with that name? Are there any specific settings in the rulebase (either implied or otherwise) that need to be set to make this work?
I've even tried the "disable MD5" setting, and still nothing. I see "nbname" packets going to my DNS server, but my DNS server shows no requests being made to it.
Any help is greatly appreciated.
Rodney Lacroix
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
|
|
