|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] SDL & windows 2000
W2K will have DNS and netbios traffic on a boot up. The Windows 2000 machine is trying to contact the domain controllers to get machine policys and such. Capture when hit Ctrl-al-deltete and the tunnel comes up. Then look for DNS traffic. James ----- Original Message ----- From: <[email protected]> To: <[email protected]> Sent: Friday, December 14, 2001 3:36 AM Subject: Re: [FW-1] SDL & windows 2000 > "Miller, Joe" <[email protected]> wrote: > > >Are you running W2k in Native mode or Mixed Mode? If you are running > >Mixed mode, authentication will work. In native mode, however, there are > >issues with 4.1 (to be fixed in NG). > > > >Joe > > > > IMHO, Native Mode and Mixed Mode are terms regarding the communication between DCs not clients to a DC itself. Depending on the setup a W2K DC is able to fall-back to NTLMv2 authentication if Kerberos isn't supported by the client. > > Anyway, after a reboot of the W2K machine my sniffer captured DNS, NBT packets which the box is trying to contact directly (Encrypted DNS is setup correctly!). This points out that SecureClient/ SecuRemote is not able to capture packets sent by the OS before a login process is started. > > After a reboot I've passed some random credentials so that a login fails for sure. After that "failed logon" securemote login window pops up and a VPN tunnel is tried to open by SR. > > > Egonle > >-----Original Message----- > >From: Michael S. Hobbs [mailto:[email protected]] > >Sent: Thursday, December 13, 2001 10:30 AM > >To: [email protected] > >Subject: Re: [FW-1] SDL & windows 2000 > > > > > >I am using Win2k with AD, running FW-1 4.1 SP2, and the latest > >SecureClient for FW-1 4.1. I have SDL and SSO enabled and I am able to > >login just fine. The only problem is intermittent issues with the login > >script. Sometime it runs, sometimes it does not. > > > >Michael > > > >-----Original Message----- > >From: Mailing list for discussion of Firewall-1 > >[mailto:[email protected]] On Behalf Of Jim > >Laverty > >Sent: Thursday, December 13, 2001 7:26 AM > >To: [email protected] > >Subject: Re: [FW-1] SDL & windows 2000 > > > > > >SDL does not work with Active Directory in Windows 2000, if you are > >using the 4.1 version of FW-1. I confirmed this with Checkpoint. I was > >told NG would support this only. > > > >The srv packets never get passed through. Load up a sniffer and capture > >a local domain login to an ADS box. Then sniff the incoming connection > >from SecuRemote, you will see completely different behavior. You can do > >SDL with NT 4.0, not W2K. > > > >-----Original Message----- > >From: Mailing list for discussion of Firewall-1 > >[mailto:[email protected]] On Behalf Of > >[email protected] > >Sent: Thursday, December 13, 2001 4:49 AM > >To: [email protected] > >Subject: Re: [FW-1] SDL & windows 2000 > > > > > >"Michael S. Hobbs" <[email protected]> wrote: > > > >>Yes SDL is supported in Windows 2000. > >> > > > >Ok, I've enbled SDL on W2K (without SSO). However SecuRemote/ Client > >Login window does not pop up during login, so either a cached profile is > >used or the login fails. > > > >Regards, > > > >Egonle > > > >>Michael > >> > >>-----Original Message----- > >>From: Mailing list for discussion of Firewall-1 > >>[mailto:[email protected]] On Behalf Of > >>[email protected] > >>Sent: Wednesday, December 12, 2001 2:21 PM > >>To: [email protected] > >>Subject: [FW-1] SDL & windows 2000 > >> > >> > >>Hi, > >>does anybody know if SDL is supported on windows 2000? > >> > >> > >>Regards, > >>Egonle > >>-- > >> > >> > >> > >> > >>__________________________________________________________________ > >>Your favorite stores, helpful shopping tools and great gift ideas. > >>Experience the convenience of buying online with Shop@Netscape! > >>http://shopnow.netscape.com/ > >> > >>Get your own FREE, personal Netscape Mail account today at > >>http://webmail.netscape.com/ > >> > >>================================================= > >>To unsubscribe from this mailing list, > >>please see the instructions at > >>http://www.checkpoint.com/services/mailing.html > >>================================================= > >>To set vacation, Out Of Office, or away messages, > >>send an email to [email protected] > >>in the BODY of the email add: > >>set fw-1-mailinglist nomail > >>================================================= > >>If you have any questions on how to change your > >>subscription options, email Ron Alcatraz at: [email protected] > > > >>================================================= > >> > >>================================================= > >>To unsubscribe from this mailing list, > >>please see the instructions at > >>http://www.checkpoint.com/services/mailing.html > >>================================================= > >>To set vacation, Out Of Office, or away messages, > >>send an email to [email protected] > >>in the BODY of the email add: > >>set fw-1-mailinglist nomail > >>================================================= > >>If you have any questions on how to change your > >>subscription options, email Ron Alcatraz at: [email protected] > > > >>================================================= > >> > >-- > > > > > > > > > >__________________________________________________________________ > >Your favorite stores, helpful shopping tools and great gift ideas. > >Experience the convenience of buying online with Shop@Netscape! > >http://shopnow.netscape.com/ > > > >Get your own FREE, personal Netscape Mail account today at > >http://webmail.netscape.com/ > > > >================================================= > >To unsubscribe from this mailing list, > >please see the instructions at > >http://www.checkpoint.com/services/mailing.html > >================================================= > >To set vacation, Out Of Office, or away messages, > >send an email to [email protected] > >in the BODY of the email add: > >set fw-1-mailinglist nomail > >================================================= > >If you have any questions on how to change your > >subscription options, email Ron Alcatraz at: [email protected] > >================================================= > > > >================================================= > >To unsubscribe from this mailing list, > >please see the instructions at > >http://www.checkpoint.com/services/mailing.html > >================================================= > >To set vacation, Out Of Office, or away messages, > >send an email to [email protected] > >in the BODY of the email add: > >set fw-1-mailinglist nomail > >================================================= > >If you have any questions on how to change your > >subscription options, email Ron Alcatraz at: [email protected] > >================================================= > > > >================================================= > >To unsubscribe from this mailing list, > >please see the instructions at > >http://www.checkpoint.com/services/mailing.html > >================================================= > >To set vacation, Out Of Office, or away messages, > >send an email to [email protected] > >in the BODY of the email add: > >set fw-1-mailinglist nomail > >================================================= > >If you have any questions on how to change your > >subscription options, email Ron Alcatraz at: > >[email protected] > >================================================= > > > >================================================= > >To unsubscribe from this mailing list, > >please see the instructions at > >http://www.checkpoint.com/services/mailing.html > >================================================= > >To set vacation, Out Of Office, or away messages, > >send an email to [email protected] > >in the BODY of the email add: > >set fw-1-mailinglist nomail > >================================================= > >If you have any questions on how to change your > >subscription options, email Ron Alcatraz at: > >[email protected] > >================================================= > > > -- > > > > > __________________________________________________________________ > Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/ > > Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/ > > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > If you have any questions on how to change your > subscription options, email Ron Alcatraz at: > [email protected] > ================================================= ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= If you have any questions on how to change your subscription options, email Ron Alcatraz at: [email protected] =================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
