NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] dnsinfo.C not being downloaded



I believe you already did this, but you must manually add two lines to the
top of the userc.c database file on the securemote client, then create (or
update) the site.  The lines go at the bottom of the very first (:options)
section:

	:dns_xlate (true)
	:dns_encrypt (true)

If you delete and recreate the site in securemote, you must manually re-add
these lines.  The best approach is to get it working just like you want it
on one client, then copy the userc.c file over the default userc.c that
comes on the distribution.  Then, run your installs from there.  That will
also prevent users from having to create the site manually.

Good luck...

Dan Hitchcock
CCNA, MCSE
Network Engineer
Xylo, Inc. (formerly employeesavings.com)The work/life solution for corporate thought leaders


-----Original Message-----
From: Rodney Lacroix [mailto:[email protected]]
Sent: Friday, September 15, 2000 5:15 AM
To: [email protected]
Subject: [FW1] dnsinfo.C not being downloaded



Thanks to everyone for their tips on helping me get my split DNS to work.
Unfortunately, it is still not working.

I have identified the DNS server object on my firewall.  I have edited (in
DOS) the dnsinfo.C file (and renamed it to make it case sensitive) with the
appropriate syntax (I believe - I'm still not clear on the brackets, should
there be a space after :obj and the bracket, for example).

I've added a rule in the top of my rulebase saying users@any, encryption
domain, DNS, client-encrypt.

I've added the #define ENCDNS line in the crypt.def file.

I've bounced the server.  I've stopped and restarted it.  I've reloaded the
rulebase....and on and on.

When I update my SecuRemote client, the dnsinfo() area does not get
populated.

My dnsinfo.C file is in the C:\Winnt\FW1\4.1\conf directory, which was
created when I upgraded the firewall from 4.0 to 4.1 SP2.

I'm tired, and getting cranky.  What am I missing?  An implied rule setting?
Should the DNS server be identified in the TCP/IP settings on the firewall
itself (I wouldn't think so)?  My firewall's TCP/IP settings use two ISP
servers as it's DNS, and one internal DNS server (not the one I'm using as a
test for this).  

I think my major problem is the update not happening on the client.  If
someone knows what the userc.C file on the SecuRemote client is supposed to
look like afterwards, I can manually edit it and test.

Again, thanks for the help.

Rodney Lacroix



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents � 2003 Network Presence, LLC. All rights reserved.