Hi David sorry to be so vague, Please be aware I'm no windows expert by any means, but we use XP pro SP1 and some with SP2 and our domain is similar to yours ie in hybrid NT/AD. I have no local naming set at all on remote laptops. I set up a secure remote dns server and defined the AD root server and another for DNS resolving. The remote machine then sends all local dns queries down the tunnel.
thanks -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of David Strom Sent: 01 February 2005 14:16 To: [email protected] Subject: Re: [FW-1] SecuRemote user can't browse Microsoft workgroup Hmm, I wonder if you could elaborate on that, please, Michael? I've only been able to browse the Windows network when using Secure Domain Login (SDL), which seemed to make sense to me because when you do that you're sort of "joining" the domain by authenticating to it... we only do this with our laptops, since they "belong" to the domain already. For home PCs, we just directly access servers with \\servername, and input credentials for each server accessed that way. Works for us, because we don't have many Windows servers. Also, we set a Wins server entry, and use IP Pools with SR to provide an internal IP address. Our servers are in our public DNS, so we don't need the remote DNS; I realize that's not a usual setup, and we've discussed changing this sometime in the future. HOWEVER, XP Pro clients have not been working well (if at all) with SDL, ever, and with the R55 release of SR (iirc), Checkpoint support said that SDL didn't work well with NT 4.0 domains. We've since added a Win2003 server with AD, but we're still in hybrid mode. <sigh> So, I hope that when we switch to all AD, things will improve. Haven't tried XP Pro SP2 yet, and I can't wait to see what that will break. ;-) -- David Strom Michael Burns wrote: > I had a similar issue we resolved by adding a secure remote dns object > which forced name and kerboras authentication down the vpn tunnel. > Belive this only works for win 2k clients and above. > > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:[EMAIL PROTECTED] On Behalf Of > Reinhard Stich > Sent: 01 February 2005 11:42 > To: [email protected] > Subject: Re: [FW-1] SecuRemote user can't browse Microsoft workgroup > > At 08:26 01.02.2005, you wrote: > >>Yes we do have win-server and DNS server configured. > > > can you access the server with \\name\share ? > > cheers > reinhard > > >>Rajesh. >> >>-----Original Message----- >>From: Mailing list for discussion of Firewall-1 >>[mailto:[EMAIL PROTECTED] On Behalf Of >>Reinhard Stich >>Sent: Tuesday, February 01, 2005 4:36 PM >>To: [email protected] >>Subject: Re: [FW-1] SecuRemote user can't browse Microsoft workgroup >> >>hi, >> >>do you have a WINS-server and DNS-server configured? >> >>cheers >>reinhard >> >>At 05:27 01.02.2005, you wrote: >> >>>Hi all, >>> >>>I've configured VPN on a Sun (solaris 8) box using Checkpoint >>>Firewall NG AI. SecuRemote users can ping all the IP addresses in the > > >>>VPN encryption domain. But when they click on >>> >>>Entire network-->Microsoft windows network-->workgroup >>> >>>They don't say any of our windows servers. Clients for windows >>>networks is enabled in dialup networking properties. >>> >>>What could be the reason? Do I need to add any rule other than >>> >>>[EMAIL PROTECTED]>Internal network--->remote access--->any--->log >>> >>>Thanks, >>>Rajesh. >>> >>>================================================= >>>To set vacation, Out-Of-Office, or away messages, send an email to >>>[EMAIL PROTECTED] >>>in the BODY of the email add: >>>set fw-1-mailinglist nomail >>>================================================= >>>To unsubscribe from this mailing list, please see the instructions at > > >>>http://www.checkpoint.com/services/mailing.html >>>================================================= >>>If you have any questions on how to change your subscription options, > > >>>email [EMAIL PROTECTED] >>>================================================= >> >>-- >>Reinhard Stich ASSIST [EMAIL PROTECTED] >>Internet Security AG, 1150 Wien, Johnstrasse 29 >>Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333 >> >>================================================= >>To set vacation, Out-Of-Office, or away messages, send an email to >>[EMAIL PROTECTED] >>in the BODY of the email add: >>set fw-1-mailinglist nomail >>================================================= >>To unsubscribe from this mailing list, please see the instructions at >>http://www.checkpoint.com/services/mailing.html >>================================================= >>If you have any questions on how to change your subscription options, >>email [EMAIL PROTECTED] >>================================================= >> >>================================================= >>To set vacation, Out-Of-Office, or away messages, send an email to >>[EMAIL PROTECTED] >>in the BODY of the email add: >>set fw-1-mailinglist nomail >>================================================= >>To unsubscribe from this mailing list, please see the instructions at >>http://www.checkpoint.com/services/mailing.html >>================================================= >>If you have any questions on how to change your subscription options, >>email [EMAIL PROTECTED] >>================================================= > > > -- > Reinhard Stich ASSIST [EMAIL PROTECTED] > Internet Security AG, 1150 Wien, Johnstrasse 29 > Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333 > > ================================================= > To set vacation, Out-Of-Office, or away messages, send an email to > [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your subscription options, > email [EMAIL PROTECTED] > ================================================= > This email is for the confidential use of the intended recipient. If > received in error please notify us and delete the email. Unless the > contrary is expressed the contents of the email are the view of the > writer and not of Keltec. By using this system or by sending us > emails you consent to the monitoring or recording of email in > accordance with the Telecommunications (Lawful Business Practice) Interception of Communications Regulations 2000 or as otherwise permitted by law. > > Please visit us at www.keltec.co.uk > > Keltec Ltd > Registered Office: 2 Bracknell Enterprise Centre, Easthampstead Road, > Bracknell, > RG12 1NF . Tel. 01344 306700. > Company Reg No. 3552955 > > ================================================= > To set vacation, Out-Of-Office, or away messages, send an email to > [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your subscription options, > email [EMAIL PROTECTED] > ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= This email is for the confidential use of the intended recipient. If received in error please notify us and delete the email. Unless the contrary is expressed the contents of the email are the view of the writer and not of Keltec. By using this system or by sending us emails you consent to the monitoring or recording of email in accordance with the Telecommunications (Lawful Business Practice) Interception of Communications Regulations 2000 or as otherwise permitted by law. Please visit us at www.keltec.co.uk Keltec Ltd Registered Office: 2 Bracknell Enterprise Centre, Easthampstead Road, Bracknell, RG12 1NF . Tel. 01344 306700. Company Reg No. 3552955 ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
