My company has been experiencing some problems with
SecureRemote/SecureClient running on win9x clients. Over the past few
months, we've been rolling out Firewall-1, and we're at the stage in
the game where we want to start using Secure Remote. However, we've
encountered a pretty serious problem. It seems to work fine on
WinNT/2000 clients, but on 95, 98, Me, etc.. we're having quite a bit
of trouble.
The problem is this. A user who dials up to their ISP, can connect
and successfully authenticate to the firewall via secureremote.
However, this only gives them an IP level connection. What we need is
for them to be able to log on to our NT domain, so they can access
file servers, Exchange and SQL applications, etc. NT and 2000 clients
don't appear to have any trouble, presumably because of these OS's
ability to cache credentials and other security differences. Also, 95
and 98 users who are on cable, DSL, or other always-on internet
connections don't appear to have any problem. I'm assuming the
problem lies in the fact that the users need to first authenticate to
their ISP, then authenticate to our domain. Apparently 9x doesn't
like this process.
Has anyone successfully gotten this to work with 95 and/or 98? Our
reseller has been less than helpful, and checkpoint themselves have
been of little help so I'm really hoping someone out there can help me
with this. Secure Remote is one of the biggest reasons we bought this
product, and our difficulties in getting it working have not been
received well by management, nor have our reseller's lack of follow
through on helping with these problems. It's to the point where it'll
be a tough sell to keep Checkpoint in place if this isn't resolved
soon. I've tried the usual resources - Phoneboy.com, Nokia's web
site, Checkpoint and Reseller support, so my posting here is really a
last effort.
Our firewalls are Nokia IP 650s, running IPSO 3.4.1 and Firewall-1
SP3. We've tried every available secureremote build with the same
result. If anyone wants any further information I'd be more than
happy to provide it.
Thanks in advance for your assistance.