NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] SecureRemote/SecureClient on win9x w/ NT authenticatio n..



Just the internal is on the client.  This allows the
SecuRemote client access to internal DNS.  Since
external DNS does not have to be encrypted it accesses
that server un-encrypted.

--- "Thompson, Jeff" <[email protected]> wrote:
> Are the 2 DNS entries to the Userc.C file on the fw
> or the client or both?
>
> -----Original Message-----
> From: Chris H [mailto:[email protected]]
> Sent: Tuesday, November 20, 2001 3:11 PM
> To: [email protected]
> Subject: Re: [FW-1] SecureRemote/SecureClient on
> win9x w/ NT authenticatio
> n..
>
>
> We have been pretty successful, but have had to do
> some work-arounds to make it NT-like.  First is that
> we implemented Netswitcher.  This allows the person
> to
> put the corp WINS and DNS information in the
> settings
> with the click of an icon and reboot to activate it
> (we have internal and external DNS for security.)
> Make sure that the DNS information is being
> encrypted
> with the two additions to the userc.C file so that
> they can get at the DNS server.  We run logon
> scripts
> that work under SDL with NT but for WIN9X we had to
> implement a shortcut icon on the desktop to logon
> scripts on the domain controllers.  The user has to
> double click the icon once they have been
> authenticated by the FW which then maps all drives
> etc.  Even though WIN9X doesn't give a successful
> domain logon message, NBT communications work once
> the
> IP connection is successful.  For us it has been
> adding the small work arounds to provide what the NT
> users have.  Just not as smooth and seamless as NT.
>
> --- "Jarmoc, Jeff" <[email protected]>
> wrote:
> > I've tried that, but I found that any changes made
> > to the users WINS
> > settings in DUN apply to all their dialup
> > connections, clearly that's not a
> > good thing if they're dialing an ISP or
> occasionally
> > dialing other corporate
> > networks..
> >
> > -----Original Message-----
> > From: [email protected]
> [mailto:[email protected]]
> > Sent: Tuesday, November 20, 2001 10:41 AM
> > To: [email protected]
> > Subject: Re: [FW-1] SecureRemote/SecureClient on
> > win9x w/ NT
> > authentication..
> >
> >
> >
> > I have had very good luck with Win9x clients and
> > dialup.  There are a
> > couple of things that you need to look at.  First
> is
> > to make sure that the
> > Logon to Network option is checked on the DialUp
> > Connectoid.  Second is to
> > make sure your WINS servers are hard coded on the
> > system.  There is
> > supposed to be a way to have the WINS servers
> > downloaded and used as part
> > of the Site information but I have not been able
> to
> > get that to work.
> > Usually, manually adding the WINS servers to the
> > dialup adapter is
> > sufficient but on rare occasions they need to be
> > added to the DialUp
> > Connectoid.
> >
> > Keith White
> >
> >
> >
> >
> >                     "Jarmoc, Jeff"
> >
> >                     <[email protected]>
> >            To:
> > [email protected]
> >                     Sent by: Mailing list for
> > discussion        cc:
> >
> >                     of Firewall-1
> >            Subject:
> > [FW-1] SecureRemote/SecureClient on win9x w/ NT
> >
> > <[email protected]
> > authentication..
> >                     point.com>
> >
> >
> >
> >
> >
> >                     11/20/01 10:41 AM
> >
> >                     Please respond to Mailing list
> > for
> >
> >                     discussion of Firewall-1
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > My company has been experiencing some problems
> with
> > SecureRemote/SecureClient running on win9x
> clients.
> > Over the past few
> > months, we've been rolling out Firewall-1, and
> we're
> > at the stage in the
> > game where we want to start using Secure Remote.
> > However, we've
> > encountered a pretty serious problem.  It seems to
> > work fine on WinNT/2000
> > clients, but on 95, 98, Me, etc.. we're having
> quite
> > a bit of trouble.
> >
> > The problem is this.  A user who dials up to their
> > ISP, can connect and
> > successfully authenticate to the firewall via
> > secureremote.  However, this
> > only gives them an IP level connection.  What we
> > need is for them to be
> > able to log on to our NT domain, so they can
> access
> > file servers, Exchange
> > and SQL applications, etc.  NT and 2000 clients
> > don't appear to have any
> > trouble, presumably because of these OS's ability
> to
> > cache credentials and
> > other security differences.  Also, 95 and 98 users
> > who are on cable, DSL,
> > or other always-on internet connections don't
> appear
> > to have any problem.
> > I'm assuming the problem lies in the fact that the
> > users need to first
> > authenticate to their ISP, then authenticate to
> our
> > domain.  Apparently 9x
> > doesn't like this process.
> >
> > Has anyone successfully gotten this to work with
> 95
> > and/or 98?  Our
> > reseller has been less than helpful, and
> checkpoint
> > themselves have been of
> > little help so I'm really hoping someone out there
> > can help me with this.
> > Secure Remote is one of the biggest reasons we
> > bought this product, and our
> > difficulties in getting it working have not been
> > received well by
> > management, nor have our reseller's lack of follow
> > through on helping with
> > these problems.  It's to the point where it'll be
> a
> > tough sell to keep
> > Checkpoint in place if this isn't resolved soon.
> > I've tried the usual
> > resources - Phoneboy.com, Nokia's web site,
> > Checkpoint and Reseller
> > support, so my posting here is really a last
> effort.
> >
> > Our firewalls are Nokia IP 650s, running IPSO
> 3.4.1
> > and Firewall-1 SP3.
> > We've tried every available secureremote build
> with
> > the same result.  If
> > anyone wants any further information I'd be more
> > than happy to provide it.
> >
> > Thanks in advance for your assistance.
> >
> > ===============================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > ===============================================
>
=== message truncated ===


__________________________________________________
Do You Yahoo!?
Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month.
http://geocities.yahoo.com/ps/info1

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.