Re: [FW-1] Securemote VPN - SDL Login to a Windows 2000 Domain using Active Directory Services

["Palmer, Kevin" <KPalmer@FW1-NOSPAMGSITE.COM>]

Jim,

I'm having the same problem. I am running NG HF2 on W2K SP2 with all of
the security hotfixes (as of 10/01). I have yet to see a broadband user
log into the domain with SDL in under 5 minutes.

As a test, I'm going to connect my notebook to the public Internet side
of the firewall and time how long it takes to log in from a 10Mbps
ethernet connection.

Kevin Palmer
Granite Solutions

-----Original Message-----
From: Jim Laverty [mailto:jlaverty2@EARTHLINK.NET]
Sent: Friday, October 19, 2001 11:30 AM
To: FW-1-MAILINGLIST@beethoven.us.checkpoint.com
Subject: [FW-1] Securemote VPN - SDL Login to a Windows 2000 Domain
using Active Directory Services
Importance: High


We have been using Securemote on Win2K clients to login to a Windows
2000
domain (non-mixed mode), running active directory services (ADS).  We're
using Nokia's 3.4.1 IPSO and FW-1 4.1 SP-5 (plus the latest SP-5
hotfix).  Since I have installed SP-5 our login times over broadband
connections has been about 8-12 minutes, we were seeing 2 minute logins.

I've been on the phone with Nokia and now they say Checkpoint does not
support Secure Domain Login (SDL) with Windows 2000 and ADS.  Has anyone
else gotten this to work on SP-5 and if so, have you see the performance
hit?

I'm running tcpdump (on the firewalls) and Sniffer Pro (on the ADS and
client boxes).  I'm seeing lots of fragmentation on the firewall, even
with
the modzap hack for fragmentation.

Any suggestions are welcome.

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================