Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] NG FP1 with SecureClient & SDL is Slow

To: [email protected]
Subject: [FW-1] NG FP1 with SecureClient & SDL is Slow
From: "Palmer, Kevin" <[email protected]>
Date: Wed, 5 Dec 2001 15:49:53 -0500
Comments: cc: "Myner, Josh" <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>
Thread-index: AcF9zmQkMnchU1QtT7ySCivm02lNAg==
Thread-topic: NG FP1 with SecureClient & SDL is Slow

Everyone,

Is anyone using NG FP1 with Secure Domain Login (SDL)? SDL is slow
enough that end-users will complain if I require them to use it. Is
anyone using SDL with good results?

My PII400Mhz notebook with 256Mb RAM turned in the following results.

A - Control
1 minute, 25 seconds SecureClient Uninstalled - Test 1

B - LAN Access
2 minutes, 40 seconds SecureClient; LAN; Fully Configured - Test 1
2 minutes, 43seconds SecureClient; LAN; Fully Configured - Test 2

C - Internet Access
3 minutes, 50 seconds SecureClient; INTERNET; Fully Configured - Test 2

LAN = SecureClient is running while the computer is booted to the LAN.
INTERNET = SecureClient is running while the computer is booted to a
10Mbps Internet connection.
Fully Configured = SDL & SSO are configured. Computer boots into a
Windows 2000 domain.

One of the application developers I work with scripted a SecureClient
login into Windows 2000 Pro using batch files and a shareware program
called Password Officer. The application developer has his computer
configured to log into a workgroup instead of the Windows 2000 domain.
Once logged into the workgroup, the scripts authenticate to
SecureClient, ping an internal IP and map network drives, and
authenticate to IE and explorer authentication dialog boxes. The
functionality is similar to SecureClient and SDL. Check Point may have
anticipated this workaround because SecureClient generates a "Cancel
Persistance" error if the script settings are too aggressive.
http://www.compelson.com/pofi.htm

If Check Point and LinkSys wanted to team up and build a LinkSys
Cable/DSL router with integrated SecureClient software, I would buy one.
Having a hardware device establish the IPSec tunnel would eliminate the
SDL integration issues. Just a thought.

Regards,

Kevin Palmer
Network Engineer - MCSE+I, CCSE, CCNA

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

Prev by Date: Re: [FW-1] new virus (?)
Next by Date: Re: [FW-1] new virus (?)
Previous by thread: Re: [FW-1] DEC 2114/2113 FastEthernet-Interface
Next by thread: [FW-1] Sending FW-I GUI Client traffic through a SecureClient VPN
Index(es):
- Date
- Thread