Search
	display results
words begin exact words any words part
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW-1] SDL & windows 2000

To: [email protected]
Subject: Re: [FW-1] SDL & windows 2000
From: Aaron Brasslett <[email protected]>
Date: Mon, 17 Dec 2001 14:00:20 -0500
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>
On slower systems, I have found that I need to wait a few seconds for SR to
fully load and initialize before I attempt to logon.

I have heard that you can mess around with service dependencies to correct
this, but I have never bothered.

Aaron

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Monday, December 17, 2001 1:19 PM
To: [email protected]
Subject: Re: [FW-1] SDL & windows 2000


James Oryszczyn <[email protected]> wrote:

>W2K will have DNS and  netbios traffic on a boot up.  The Windows 2000
>machine is trying to contact the domain controllers to get machine policys
>and such.  Capture when hit Ctrl-al-deltete and the tunnel comes up. Then
>look for DNS traffic.
>

Hi,
I've traced all packets leaving my SR/SC box. After startup of the
networking services the client tries to contact its DNS servers directly
without any use of SR/SC, although split DNS/ encrpted DNS is setup
correctly (it runs for a different NT box). When I now pass some random
credentials the logon fails however after that SR/SC logon window pops up.
When those credentials belong to a cached profile the logon process uses
this instead of waiting for SR to come up with the pop up window.

Any further hints/ reading?

Egonle

>James
>----- Original Message -----
>From: <[email protected]>
>To: <[email protected]>
>Sent: Friday, December 14, 2001 3:36 AM
>Subject: Re: [FW-1] SDL & windows 2000
>
>
>> "Miller, Joe" <[email protected]> wrote:
>>
>> >Are you running W2k in Native mode or Mixed Mode? If you are running
>> >Mixed mode, authentication will work. In native mode, however, there are
>> >issues with 4.1 (to be fixed in NG).
>> >
>> >Joe
>> >
>>
>> IMHO, Native Mode and Mixed Mode are terms regarding the communication
>between DCs not clients to a DC itself. Depending on the setup a W2K DC is
>able to fall-back to NTLMv2 authentication if Kerberos isn't supported by
>the client.
>>
>> Anyway, after a reboot of the W2K machine my sniffer captured DNS, NBT
>packets which the box is trying to contact directly (Encrypted DNS is setup
>correctly!). This points out that SecureClient/ SecuRemote is not able to
>capture packets sent by the OS before a login process is started.
>>
>> After a reboot I've passed some random credentials so that a login fails
>for sure. After that "failed logon" securemote login window pops up and a
>VPN tunnel is tried to open by SR.
>>
>>
>> Egonle
>> >-----Original Message-----
>> >From: Michael S. Hobbs [mailto:[email protected]]
>> >Sent: Thursday, December 13, 2001 10:30 AM
>> >To: [email protected]
>> >Subject: Re: [FW-1] SDL & windows 2000
>> >
>> >
>> >I am using Win2k with AD, running FW-1 4.1 SP2, and the latest
>> >SecureClient for FW-1 4.1.  I have SDL and SSO enabled and I am able to
>> >login just fine. The only problem is intermittent issues with the login
>> >script. Sometime it runs, sometimes it does not.
>> >
>> >Michael
>> >
>> >-----Original Message-----
>> >From: Mailing list for discussion of Firewall-1
>> >[mailto:[email protected]] On Behalf Of Jim
>> >Laverty
>> >Sent: Thursday, December 13, 2001 7:26 AM
>> >To: [email protected]
>> >Subject: Re: [FW-1] SDL & windows 2000
>> >
>> >
>> >SDL does not work with Active Directory in Windows 2000, if you are
>> >using the 4.1 version of FW-1.  I confirmed this with Checkpoint.  I was
>> >told NG would support this only.
>> >
>> >The srv packets never get passed through.  Load up a sniffer and capture
>> >a local domain login to an ADS box.  Then sniff the incoming connection
>> >from SecuRemote, you will see completely different behavior.  You can do
>> >SDL with NT 4.0, not W2K.
>> >
>> >-----Original Message-----
>> >From: Mailing list for discussion of Firewall-1
>> >[mailto:[email protected]] On Behalf Of
>> >[email protected]
>> >Sent: Thursday, December 13, 2001 4:49 AM
>> >To: [email protected]
>> >Subject: Re: [FW-1] SDL & windows 2000
>> >
>> >
>> >"Michael S. Hobbs" <[email protected]> wrote:
>> >
>> >>Yes SDL is supported in Windows 2000.
>> >>
>> >
>> >Ok, I've enbled SDL on W2K (without SSO). However SecuRemote/ Client
>> >Login window does not pop up during login, so either a cached profile is
>> >used or the login fails.
>> >
>> >Regards,
>> >
>> >Egonle
>> >
>> >>Michael
>> >>
>> >>-----Original Message-----
>> >>From: Mailing list for discussion of Firewall-1
>> >>[mailto:[email protected]] On Behalf Of
>> >>[email protected]
>> >>Sent: Wednesday, December 12, 2001 2:21 PM
>> >>To: [email protected]
>> >>Subject: [FW-1] SDL & windows 2000
>> >>
>> >>
>> >>Hi,
>> >>does anybody know if SDL is supported on windows 2000?
>> >>
>> >>
>> >>Regards,
>> >>Egonle
>> >>--
>> >>
>> >>
>> >>
>> >>
>> >>__________________________________________________________________
>> >>Your favorite stores, helpful shopping tools and great gift ideas.
>> >>Experience the convenience of buying online with Shop@Netscape!
>> >>http://shopnow.netscape.com/
>> >>
>> >>Get your own FREE, personal Netscape Mail account today at
>> >>http://webmail.netscape.com/
>> >>
>> >>=================================================
>> >>To unsubscribe from this mailing list,
>> >>please see the instructions at
>> >>http://www.checkpoint.com/services/mailing.html
>> >>=================================================
>> >>To set vacation, Out Of Office, or away messages,
>> >>send an email to [email protected]
>> >>in the BODY of the email add:
>> >>set fw-1-mailinglist nomail
>> >>=================================================
>> >>If you have any questions on how to change your
>> >>subscription options, email Ron Alcatraz at: [email protected]
>> >
>> >>=================================================
>> >>
>> >>=================================================
>> >>To unsubscribe from this mailing list,
>> >>please see the instructions at
>> >>http://www.checkpoint.com/services/mailing.html
>> >>=================================================
>> >>To set vacation, Out Of Office, or away messages,
>> >>send an email to [email protected]
>> >>in the BODY of the email add:
>> >>set fw-1-mailinglist nomail
>> >>=================================================
>> >>If you have any questions on how to change your
>> >>subscription options, email Ron Alcatraz at: [email protected]
>> >
>> >>=================================================
>> >>
>> >--
>> >
>> >
>> >
>> >
>> >__________________________________________________________________
>> >Your favorite stores, helpful shopping tools and great gift ideas.
>> >Experience the convenience of buying online with Shop@Netscape!
>> >http://shopnow.netscape.com/
>> >
>> >Get your own FREE, personal Netscape Mail account today at
>> >http://webmail.netscape.com/
>> >
>> >=================================================
>> >To unsubscribe from this mailing list,
>> >please see the instructions at
>> >http://www.checkpoint.com/services/mailing.html
>> >=================================================
>> >To set vacation, Out Of Office, or away messages,
>> >send an email to [email protected]
>> >in the BODY of the email add:
>> >set fw-1-mailinglist nomail
>> >=================================================
>> >If you have any questions on how to change your
>> >subscription options, email Ron Alcatraz at: [email protected]
>> >=================================================
>> >
>> >=================================================
>> >To unsubscribe from this mailing list,
>> >please see the instructions at
>> >http://www.checkpoint.com/services/mailing.html
>> >=================================================
>> >To set vacation, Out Of Office, or away messages,
>> >send an email to [email protected]
>> >in the BODY of the email add:
>> >set fw-1-mailinglist nomail
>> >=================================================
>> >If you have any questions on how to change your
>> >subscription options, email Ron Alcatraz at: [email protected]
>> >=================================================
>> >
>> >=================================================
>> >To unsubscribe from this mailing list,
>> >please see the instructions at
>> >http://www.checkpoint.com/services/mailing.html
>> >=================================================
>> >To set vacation, Out Of Office, or away messages,
>> >send an email to [email protected]
>> >in the BODY of the email add:
>> >set fw-1-mailinglist nomail
>> >=================================================
>> >If you have any questions on how to change your
>> >subscription options, email Ron Alcatraz at:
>> >[email protected]
>> >=================================================
>> >
>> >=================================================
>> >To unsubscribe from this mailing list,
>> >please see the instructions at
>> >http://www.checkpoint.com/services/mailing.html
>> >=================================================
>> >To set vacation, Out Of Office, or away messages,
>> >send an email to [email protected]
>> >in the BODY of the email add:
>> >set fw-1-mailinglist nomail
>> >=================================================
>> >If you have any questions on how to change your
>> >subscription options, email Ron Alcatraz at:
>> >[email protected]
>> >=================================================
>> >
>> --
>>
>>
>>
>>
>> __________________________________________________________________
>> Your favorite stores, helpful shopping tools and great gift ideas.
>Experience the convenience of buying online with Shop@Netscape!
>http://shopnow.netscape.com/
>>
>> Get your own FREE, personal Netscape Mail account today at
>http://webmail.netscape.com/
>>
>> =================================================
>> To unsubscribe from this mailing list,
>> please see the instructions at
>> http://www.checkpoint.com/services/mailing.html
>> =================================================
>> To set vacation, Out Of Office, or away messages,
>> send an email to [email protected]
>> in the BODY of the email add:
>> set fw-1-mailinglist nomail
>> =================================================
>> If you have any questions on how to change your
>> subscription options, email Ron Alcatraz at:
>> [email protected]
>> =================================================
>
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>To set vacation, Out Of Office, or away messages,
>send an email to [email protected]
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>If you have any questions on how to change your
>subscription options, email Ron Alcatraz at:
>[email protected]
>=================================================
>
--




__________________________________________________________________
Your favorite stores, helpful shopping tools and great gift ideas.
Experience the convenience of buying online with Shop@Netscape!
http://shopnow.netscape.com/

Get your own FREE, personal Netscape Mail account today at
http://webmail.netscape.com/

=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
If you have any questions on how to change your
subscription options, email Ron Alcatraz at:
[email protected]
=================================================

=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
If you have any questions on how to change your
subscription options, email Ron Alcatraz at:
[email protected]
=================================================
Prev by Date: Re: [FW-1] VPN to firewall behind NAT
Next by Date: Re: [FW-1] Content-Encoding
Previous by thread: Re: [FW-1] SDL & windows 2000
Next by thread: [FW-1] Multi-threading on Nokias!
Index(es):
- Date
- Thread