| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [FW1] dnsinfo.C & LMhosts
The dnsinfo.c doesn't get download from the management module to the Firewall
Module.
I need to copy it manualy from the management module to the firewall.
Do i need to modify some config file in order to make it work ?
"Carmelo Marturana @ Corporate" <Carmelo.Marturana on 12/04/2000 09:22:40
To: "'CryptoTech'" <[email protected]>
cc: "'[email protected]'"
<[email protected]> (bcc: Sylvain
Leblanc/MTD/BTG/Bombardier)
Subject: RE: [FW1] dnsinfo.C & LMhosts
When you reference "enforcement point" do you mean on the firewall box
itself? Does the DNSINFO.C have to be modified there as well as the
Management Console. I'm running NT 4.0 on both boxes.
-----Original Message-----
From: CryptoTech [mailto:[email protected]]
Sent: Friday, December 01, 2000 11:45 PM
To: Johnson, Dave
Cc: [email protected]
Subject: Re: [FW1] dnsinfo.C & LMhosts
To all interested.
WOW. This was a buster. Documentation for this one is admittedly -----
WRONG.
EVERY example out there is -- say it aloud as you read --- WRONG.
OK, attached is a sample dnsinfo.C file. But first, a few notes.
1. You MUST change crypt.def on the management station -- look for the line
that
mentions USERC_DECRYPT_SRC.
Above this line add #define ENCDNS. save and exit.
2. using this file, change the relevant server names and ip addresses to
match your
particular settings. This file works
with 4.1 sp1, but it should work with any 4.1 or 4.0 version.
3. Once you have completed 1 and 2, INSTALL POLICY. Then RESTART the
management
server.
-VITAL-CRITICAL. I wrestled for 2 hours with this the first time,
and
learned via trial and error.
Note: If you want to be able to download topology from the module
(authenticated
download, IKE based.) you MUST do items 1 and 2 on the enforcement point
$FWDIR/lib/crypt.def and $FWDIR/conf/dnsinfo.C -- For those of you
concerned, my
management is on NT and enforcement is on SUN.
I'm sure I'll get a lot of questions, so any other mail responses may be
delayed.
"Johnson, Dave" wrote:
> I hope someone can answer this. Am I correct in thinking that the
> information under the LMdata header in the dnsinfo.C will be appended to
the
> LMhosts file on the SecureClient machine?
>
> I have two samples of a dsninfo.C file (both from CheckPoint) that I
> personalized for our network and installed in the /conf directory of the
> management console. After doing fwstop & start and pushing the policy, I
> would log in with SecureClient, download the topo and check the LMhosts
file
> and find that it was not updated.
>
> This would seem to indicate that the syntax of the dnsinfo.C file is
> incorrect. However, I did a copy/paste with each of the sample files that
I
> received from CheckPoint and neither of them worked so it doesn't seem
like
> that is the case.
>
> Could someone tell me if my initial thinking is correct that the local
> LMhosts file should be updated and/or any thoughts on why you think it's
not
> working? Also, is there any reference material anywhere that would tell me
> exactly what the syntax should be?
>
> Thanks in advance for any and all help,
> Dave
>
>
============================================================================
====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
|
|
