[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] SDL & windows 2000
On slower systems, I have found that I need to wait a few seconds for SR to fully load and initialize before I attempt to logon. I have heard that you can mess around with service dependencies to correct this, but I have never bothered. Aaron -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Monday, December 17, 2001 1:19 PM To: [email protected] Subject: Re: [FW-1] SDL & windows 2000 James Oryszczyn <[email protected]> wrote: >W2K will have DNS and netbios traffic on a boot up. The Windows 2000 >machine is trying to contact the domain controllers to get machine policys >and such. Capture when hit Ctrl-al-deltete and the tunnel comes up. Then >look for DNS traffic. > Hi, I've traced all packets leaving my SR/SC box. After startup of the networking services the client tries to contact its DNS servers directly without any use of SR/SC, although split DNS/ encrpted DNS is setup correctly (it runs for a different NT box). When I now pass some random credentials the logon fails however after that SR/SC logon window pops up. When those credentials belong to a cached profile the logon process uses this instead of waiting for SR to come up with the pop up window. Any further hints/ reading? Egonle >James >----- Original Message ----- >From: <[email protected]> >To: <[email protected]> >Sent: Friday, December 14, 2001 3:36 AM >Subject: Re: [FW-1] SDL & windows 2000 > > >> "Miller, Joe" <[email protected]> wrote: >> >> >Are you running W2k in Native mode or Mixed Mode? If you are running >> >Mixed mode, authentication will work. In native mode, however, there are >> >issues with 4.1 (to be fixed in NG). >> > >> >Joe >> > >> >> IMHO, Native Mode and Mixed Mode are terms regarding the communication >between DCs not clients to a DC itself. Depending on the setup a W2K DC is >able to fall-back to NTLMv2 authentication if Kerberos isn't supported by >the client. >> >> Anyway, after a reboot of the W2K machine my sniffer captured DNS, NBT >packets which the box is trying to contact directly (Encrypted DNS is setup >correctly!). This points out that SecureClient/ SecuRemote is not able to >capture packets sent by the OS before a login process is started. >> >> After a reboot I've passed some random credentials so that a login fails >for sure. After that "failed logon" securemote login window pops up and a >VPN tunnel is tried to open by SR. >> >> >> Egonle >> >-----Original Message----- >> >From: Michael S. Hobbs [mailto:[email protected]] >> >Sent: Thursday, December 13, 2001 10:30 AM >> >To: [email protected] >> >Subject: Re: [FW-1] SDL & windows 2000 >> > >> > >> >I am using Win2k with AD, running FW-1 4.1 SP2, and the latest >> >SecureClient for FW-1 4.1. I have SDL and SSO enabled and I am able to >> >login just fine. The only problem is intermittent issues with the login >> >script. Sometime it runs, sometimes it does not. >> > >> >Michael >> > >> >-----Original Message----- >> >From: Mailing list for discussion of Firewall-1 >> >[mailto:[email protected]] On Behalf Of Jim >> >Laverty >> >Sent: Thursday, December 13, 2001 7:26 AM >> >To: [email protected] >> >Subject: Re: [FW-1] SDL & windows 2000 >> > >> > >> >SDL does not work with Active Directory in Windows 2000, if you are >> >using the 4.1 version of FW-1. I confirmed this with Checkpoint. I was >> >told NG would support this only. >> > >> >The srv packets never get passed through. Load up a sniffer and capture >> >a local domain login to an ADS box. Then sniff the incoming connection >> >from SecuRemote, you will see completely different behavior. You can do >> >SDL with NT 4.0, not W2K. >> > >> >-----Original Message----- >> >From: Mailing list for discussion of Firewall-1 >> >[mailto:[email protected]] On Behalf Of >> >[email protected] >> >Sent: Thursday, December 13, 2001 4:49 AM >> >To: [email protected] >> >Subject: Re: [FW-1] SDL & windows 2000 >> > >> > >> >"Michael S. Hobbs" <[email protected]> wrote: >> > >> >>Yes SDL is supported in Windows 2000. >> >> >> > >> >Ok, I've enbled SDL on W2K (without SSO). However SecuRemote/ Client >> >Login window does not pop up during login, so either a cached profile is >> >used or the login fails. >> > >> >Regards, >> > >> >Egonle >> > >> >>Michael >> >> >> >>-----Original Message----- >> >>From: Mailing list for discussion of Firewall-1 >> >>[mailto:[email protected]] On Behalf Of >> >>[email protected] >> >>Sent: Wednesday, December 12, 2001 2:21 PM >> >>To: [email protected] >> >>Subject: [FW-1] SDL & windows 2000 >> >> >> >> >> >>Hi, >> >>does anybody know if SDL is supported on windows 2000? >> >> >> >> >> >>Regards, >> >>Egonle >> >>-- >> >> >> >> >> >> >> >> >> >>__________________________________________________________________ >> >>Your favorite stores, helpful shopping tools and great gift ideas. >> >>Experience the convenience of buying online with Shop@Netscape! >> >>http://shopnow.netscape.com/ >> >> >> >>Get your own FREE, personal Netscape Mail account today at >> >>http://webmail.netscape.com/ >> >> >> >>================================================= >> >>To unsubscribe from this mailing list, >> >>please see the instructions at >> >>http://www.checkpoint.com/services/mailing.html >> >>================================================= >> >>To set vacation, Out Of Office, or away messages, >> >>send an email to [email protected] >> >>in the BODY of the email add: >> >>set fw-1-mailinglist nomail >> >>================================================= >> >>If you have any questions on how to change your >> >>subscription options, email Ron Alcatraz at: [email protected] >> > >> >>================================================= >> >> >> >>================================================= >> >>To unsubscribe from this mailing list, >> >>please see the instructions at >> >>http://www.checkpoint.com/services/mailing.html >> >>================================================= >> >>To set vacation, Out Of Office, or away messages, >> >>send an email to [email protected] >> >>in the BODY of the email add: >> >>set fw-1-mailinglist nomail >> >>================================================= >> >>If you have any questions on how to change your >> >>subscription options, email Ron Alcatraz at: [email protected] >> > >> >>================================================= >> >> >> >-- >> > >> > >> > >> > >> >__________________________________________________________________ >> >Your favorite stores, helpful shopping tools and great gift ideas. >> >Experience the convenience of buying online with Shop@Netscape! >> >http://shopnow.netscape.com/ >> > >> >Get your own FREE, personal Netscape Mail account today at >> >http://webmail.netscape.com/ >> > >> >================================================= >> >To unsubscribe from this mailing list, >> >please see the instructions at >> >http://www.checkpoint.com/services/mailing.html >> >================================================= >> >To set vacation, Out Of Office, or away messages, >> >send an email to [email protected] >> >in the BODY of the email add: >> >set fw-1-mailinglist nomail >> >================================================= >> >If you have any questions on how to change your >> >subscription options, email Ron Alcatraz at: [email protected] >> >================================================= >> > >> >================================================= >> >To unsubscribe from this mailing list, >> >please see the instructions at >> >http://www.checkpoint.com/services/mailing.html >> >================================================= >> >To set vacation, Out Of Office, or away messages, >> >send an email to [email protected] >> >in the BODY of the email add: >> >set fw-1-mailinglist nomail >> >================================================= >> >If you have any questions on how to change your >> >subscription options, email Ron Alcatraz at: [email protected] >> >================================================= >> > >> >================================================= >> >To unsubscribe from this mailing list, >> >please see the instructions at >> >http://www.checkpoint.com/services/mailing.html >> >================================================= >> >To set vacation, Out Of Office, or away messages, >> >send an email to [email protected] >> >in the BODY of the email add: >> >set fw-1-mailinglist nomail >> >================================================= >> >If you have any questions on how to change your >> >subscription options, email Ron Alcatraz at: >> >[email protected] >> >================================================= >> > >> >================================================= >> >To unsubscribe from this mailing list, >> >please see the instructions at >> >http://www.checkpoint.com/services/mailing.html >> >================================================= >> >To set vacation, Out Of Office, or away messages, >> >send an email to [email protected] >> >in the BODY of the email add: >> >set fw-1-mailinglist nomail >> >================================================= >> >If you have any questions on how to change your >> >subscription options, email Ron Alcatraz at: >> >[email protected] >> >================================================= >> > >> -- >> >> >> >> >> __________________________________________________________________ >> Your favorite stores, helpful shopping tools and great gift ideas. >Experience the convenience of buying online with Shop@Netscape! >http://shopnow.netscape.com/ >> >> Get your own FREE, personal Netscape Mail account today at >http://webmail.netscape.com/ >> >> ================================================= >> To unsubscribe from this mailing list, >> please see the instructions at >> http://www.checkpoint.com/services/mailing.html >> ================================================= >> To set vacation, Out Of Office, or away messages, >> send an email to [email protected] >> in the BODY of the email add: >> set fw-1-mailinglist nomail >> ================================================= >> If you have any questions on how to change your >> subscription options, email Ron Alcatraz at: >> [email protected] >> ================================================= > >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >To set vacation, Out Of Office, or away messages, >send an email to [email protected] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >If you have any questions on how to change your >subscription options, email Ron Alcatraz at: >[email protected] >================================================= > -- __________________________________________________________________ Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/ Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/ ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= If you have any questions on how to change your subscription options, email Ron Alcatraz at: [email protected] ================================================= ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= If you have any questions on how to change your subscription options, email Ron Alcatraz at: [email protected] =================================================
|