My
company has been experiencing some problems with SecureRemote/SecureClient
running on win9x clients. Over the past few months, we've been rolling
out Firewall-1, and we're at the stage in the game where we want to start
using Secure Remote. However, we've encountered a pretty serious
problem. It seems to work fine on WinNT/2000 clients, but on 95, 98, Me,
etc.. we're having quite a bit of trouble.
The problem is
this. A user who dials up to their ISP, can connect and
successfully authenticate to the firewall via
secureremote. However, this only gives them an IP level
connection. What we need is for them to be able to log on to our NT
domain, so they can access file servers, Exchange and SQL applications,
etc. NT and 2000 clients don't appear to have any trouble, presumably
because of these OS's ability to cache credentials and other security
differences. Also, 95 and 98 users who are on cable, DSL, or other
always-on internet connections don't appear to have any problem. I'm
assuming the problem lies in the fact that the users need to first
authenticate to their ISP, then authenticate to our domain. Apparently
9x doesn't like this process.
Has anyone
successfully gotten this to work with 95 and/or 98? Our reseller has
been less than helpful, and checkpoint themselves have been of little help so
I'm really hoping someone out there can help me
with this. Secure Remote is one of the biggest reasons we bought this
product, and our difficulties in getting it working have not been received
well by management, nor have our reseller's lack of follow through on helping
with these problems. It's to the point where it'll be a tough sell to
keep Checkpoint in place if this isn't resolved soon. I've tried the
usual resources - Phoneboy.com, Nokia's web site, Checkpoint and Reseller
support, so my posting here is really a last
effort.
Our firewalls are Nokia IP 650s, running IPSO 3.4.1
and Firewall-1 SP3. We've tried every available secureremote build with
the same result. If anyone wants any further information I'd be more
than happy to provide it.
Thanks in advance for your
assistance.