Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Not able to log into NT domain when Secure Remote is installed

To: <[email protected]>, <[email protected]>, <[email protected]>
Subject: RE: [FW1] Not able to log into NT domain when Secure Remote is installed
From: "Wendy Gleisner" <[email protected]>
Date: Fri, 02 Feb 2001 12:14:33 -0600
Sender: [email protected]

So, how do you setup a laptop that uses a cable modem at home and also dial-up when away from home
during the day?  Secure Remote will bind to all adapters and you will have the NT domain login problem.
Checkpoint says the answer is to setup a new profile, however, how do you "disable" the dial-up adapter in
NT 4.0 in the profile?

Checkpoint tech support says that you can have this adapter / NT domain login problem even without their
software loaded.  Does anyone know that this is true or is this problem specific to Secure Remote.

Wendy
>>> Rick McMaster <[email protected]> 02/02/01 07:46AM >>>

It has certainly been my experience, and the experience of my clients, that
the best way to implement Secure Remote for laptops that are used both in
the office and at home is to only bind Secure Remote to the dial up adapter.
That way it is not used when the person is connected through the LAN
interface at work.  This is certainly a great way to avoid the exact problem
you are having. 

I disagree, however, with the statement that your change should not have
caused this problem.  The mere fact that it worked before you made the
change and now it doesn't leads one to believe that the change caused the
problem.  It would be my guess that your change to the encryption domain
caused some NT resource that was previously not included in the domain (like
the BDC) to now be included. 

In any case, your best solution is to unbind Secure Remote from the LAN
interface. 

Rick McMaster
Sr. Network Security Engineer
ePlus Technology
http://www.eplus.com 
Nasdaq: PLUS


-----Original Message-----
From: Croft, Ed [mailto:[email protected]] 
Sent: Thursday, February 01, 2001 9:13 PM
To: Checkpoint Mailing List
Subject: [FW1] Not able to log into NT domain when Secure Remote is
installed



My company has Secure Remote (versions 4174, 4166, 4165, etc...) for users
that have DSL connections from their homes.  This works fairly well and they
are able to log onto the NT domain from inside the F/W, or from their DSL
connections outside of the F/W (using NT4 and SDL).  We have had this
solution in place for approx. 6 months.

The other day I needed to add some more networks to my encryption domain
that was defined under the VPN tab of the F/W node in the Policy Editor.  I
saved the changes and applied the ruleset.  Now I can't get logged onto the
NT domain from a client running Secure Remote, but I do get my DHCP
information and I can ping by IP address and name.  If I uninstall the
Secure Remote software, I can then log onto the NT domain.  Is there ANY way
that the additional networks I added to the encryption domain on the F/W
could have anything to do with the client not being able to log onto the NT
domain?  (I have tried updating the site, blowing away the site and
recreating it, and reinstalling the software from scratch on the clients).

According to our vendor support (Verisign), the change that I made to the
encryption domain should not have had any affect on this problem.  But, they
also said that I would have problems logging into the NT domain with the
Secure Remote software installed on all adapters.  I can't believe that this
would work flawlessly for the last 6 months and then all of a sudden stop.
I am wondering if I should completely remove the encryption domain and then
start over from the beginning, but I would like input from people that have
more experience with Checkpoint / Secure Remote.  Thanks in advance for any
ideas that y'all can think of...

-Ed


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html 
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html 
================================================================================


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] New Firewall doesn't show up on system status!
Next by Date: RE: [FW1] Checkpoint High Availability Module
Previous by thread: Re: [FW1] Not able to log into NT domain when Secure Remote is installed
Next by thread: RE: [FW1] Not able to log into NT domain when Secure Remote is in stalled
Index(es):
- Date
- Thread