Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] dnsinfo.C & LMhosts

To: "Johnson, Dave" <[email protected]>
Subject: Re: [FW1] dnsinfo.C & LMhosts
From: CryptoTech <[email protected]>
Date: Sat, 02 Dec 2000 00:44:55 -0500
Cc: [email protected]
References: <93F9BB7BA5BAD011A9D022B5099@NFLFEX01>
Sender: [email protected]

To all interested.
WOW.  This was a buster.  Documentation for this one is admittedly ----- WRONG.
EVERY example out there is -- say it aloud as you read --- WRONG.

OK, attached is a sample dnsinfo.C file.  But first, a few notes.

1.  You MUST change crypt.def on the management station -- look for the line that
mentions USERC_DECRYPT_SRC.
        Above this line add  #define ENCDNS.  save and exit.
2.  using this file, change the relevant server names and ip addresses to match your
particular settings.  This file works
        with 4.1 sp1, but it should work with any 4.1 or 4.0 version.
3.  Once you have completed 1 and 2, INSTALL POLICY.  Then RESTART the management
server.
        -VITAL-CRITICAL.  I wrestled for 2 hours with this the first time, and
learned via trial and error.

Note:  If you want to be able to download topology from the module (authenticated
download, IKE based.)  you MUST do items 1 and 2 on the enforcement point
$FWDIR/lib/crypt.def and $FWDIR/conf/dnsinfo.C --  For those of you concerned, my
management is on NT and enforcement is on SUN.

I'm sure I'll get a lot of questions, so any other mail responses may be delayed.


"Johnson, Dave" wrote:

> I hope someone can answer this. Am I correct in thinking that the
> information under the LMdata header in the dnsinfo.C will be appended to the
> LMhosts file on the SecureClient machine?
>
> I have two samples of a dsninfo.C file (both from CheckPoint) that I
> personalized for our network and installed in the /conf directory of the
> management console. After doing fwstop & start and pushing the policy, I
> would log in with SecureClient, download the topo and check the LMhosts file
> and find that it was not updated.
>
> This would seem to indicate that the syntax of the dnsinfo.C file is
> incorrect. However, I did a copy/paste with each of the sample files that I
> received from CheckPoint and neither of them worked so it doesn't seem like
> that is the case.
>
> Could someone tell me if my initial thinking is correct that the local
> LMhosts file should be updated and/or any thoughts on why you think it's not
> working? Also, is there any reference material anywhere that would tell me
> exactly what the syntax should be?
>
> Thanks in advance for any and all help,
> Dave
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================

Attachment: dnsinfo.C
Description: application/unknown-content-type-c_auto_file

Prev by Date: Re: [FW1] Nokia HA options
Next by Date: Re: [FW1] SR behind NAting device
Previous by thread: RE: [FW1] Vpn connection times out on dial up line
Next by thread: RE: [FW1] dnsinfo.C & LMhosts
Index(es):
- Date
- Thread