Re: [FW-1] logging into an NT domain controller through FW-1


  • To: [email protected]
  • Subject: Re: [FW-1] logging into an NT domain controller through FW-1
  • From: Lars Troen <[email protected]>
  • Date: Fri, 9 Aug 2002 23:17:49 +0200
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>
  • Thread-index: AcI/6BK2IuTSyPv+SpyLxPc1qNwpdQAAEQrQ
  • Thread-topic: Re: [FW-1] logging into an NT domain controller through FW-1

You should also note that with SecureClient you could also set the WINS address at the firewall or DHCP level instead of manually at each client. But this solution does not seem to be working quite stably on WinXP clients yet (it kinda works... but not all the time). With SecureClient you also get an IP address out on your client instead of having a NAT address, which more and more users have today.

But I guess SecuRemote was not the issue here. In addition to opening the appropriate ports (noted in an earlier reply), you must make sure you configure your WINS settings on your clients. Also make sure the traffic to the DMZ isn't NATted or you'll probably get trouble with DCE-RPC stuff (most of this might have been fixed since I tried it last tho..)

Another thing worth noticing is that W2K domains are usually easier to get working through firewalls than NT4 domains. Sometimes you'll also need static settings in lmhosts (0x1b + 0x1c) on a few of your internal computers in order to get things working.

Lars
> -----Original Message-----
> From: Andre Faille [mailto:[email protected]]
> Sent: Friday, August 09, 2002 20:26
> To: [email protected]
> Subject: Re: [FW-1] logging into an NT domain controller through FW-1
>
>
> Russell
>
> We have an NT 4.0 domain also and this is how we set it up...
>
> 1. Remote users have SecuRemote to log in via the internet in an
> encrypted VPN (Checkpoint firewall-1 NG)
> 2. On their own machine, we set up DHCP but with a fixed WINS server
> setup; this allows them to see the NT domains once they get passed
> through the firewall with SecuRemote
> 3. If they double-click on a machine to access it, this is what happens:
>         a. If their own PC was part of the domain (like a portable),
> WINS recognizes it and does not ask for any logins.
>         b. If their own PC was never part of the domain, they get
> prompted for a username/login.
>
> Hope this helps,
>
> Andre Faille
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[email protected]]On Behalf Of
> RUSSELL T. LEWIS
> Sent: August 9, 2002 12:37 PM
> To: [email protected]
> Subject: [FW-1] logging into an NT domain controller through FW-1
>
>
> We now have FW-1 SmallOffice (using enterprise install so I can use the
> GUI, not the web config) running on NT4.  This was installed off a NG
> FP2 CD.  We are still in the 30 day trial.
> I have the firewall in a test setup.  I set an allow all rule, and set
> up NAT with the Hide option to the LAN card, and NAT using Static to
> the DMZ.  The client can access the Internet through the firewall just
> fine.  I now am removing the allow all, and adding only the needed
> rules.  We will have an NT 4 domain controller in the DMZ, and all the
> clients need to log in to this via the LAN.  I know this is not the BEST
> method to do things, but with the current hardware that's how it's got
> to be done.  We will upgrade servers and get the domain controller out
> of the DMZ after the firewall is up and I have a chance to breathe
> again.  Does anyone know where I can find what rule(s) to create to do
> this?  I can't seem to find it anywhere.  I'll keep looking, but any
> info you can provide is greatly appreciated.
> Thanks a ton!
> -Russell Lewis
>

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
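
Added example, not part of the original thread: the static lmhosts entries for the 0x1b and 0x1c names mentioned in the reply above only take effect when the quoted name is padded to exactly 15 characters so that the `\0xNN` suffix lands in the 16th byte. This Python sketch builds and checks such lines; the domain name `CORP` and the address `192.0.2.10` are constructed sample values.

```python
import ipaddress
import re

NAME_LEN = 15  # a NetBIOS name is 16 bytes: 15 name characters + 1 type-suffix byte

def lmhosts_entry(ip, name, suffix):
    """Build a preloaded LMHOSTS line whose 16th name byte is `suffix`."""
    ipaddress.IPv4Address(ip)  # raises ValueError on a malformed address
    if not 0 < len(name) <= NAME_LEN:
        raise ValueError("NetBIOS name must be 1-15 characters")
    if not 0 <= suffix <= 0xFF:
        raise ValueError("suffix must fit in one byte")
    padded = name.upper().ljust(NAME_LEN)  # pad with spaces up to 15 characters
    return f'{ip}\t"{padded}\\0x{suffix:02x}"\t#PRE'

# <ip> <whitespace> "<name field>\0xNN"
ENTRY_RE = re.compile(r'^(\S+)\s+"([^"]*)\\0x([0-9a-fA-F]{2})"')

def check_entry(line):
    """Return a list of problems found in a quoted special-name LMHOSTS line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return ["not a quoted name with a \\0xNN suffix"]
    ip, name, _suffix = m.groups()
    problems = []
    try:
        ipaddress.IPv4Address(ip)
    except ValueError:
        problems.append("bad IPv4 address")
    if len(name) != NAME_LEN:
        problems.append(
            f"name field is {len(name)} chars, must be padded to {NAME_LEN}")
    return problems

if __name__ == "__main__":
    # Constructed sample: domain CORP, domain controller at 192.0.2.10.
    for suffix in (0x1B, 0x1C):
        line = lmhosts_entry("192.0.2.10", "corp", suffix)
        print(line, check_entry(line))
    # A hand-typed line with too little padding is flagged.
    print(check_entry('192.0.2.10 "CORP \\0x1b" #PRE'))
```
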
   All contents © 2004 Network Presence, LLC. All rights reserved.