If the machine with SR on it is in the domain of the NT4, and you have WINS hard coded in your network adapter(must in SR), and configure DNS by hard coding it or use SR DNS, then you should successfully browse.
However, if you are not a member of the domain, this will not work I believe, since your machine doesn't have any credentials to perform this. Worth a try, but I know with WINS and DNS configured I can connect to shares within my enterprise. I don't ever use the browse function however. I have a script on my desktop with all the servers I need to map, I run it enter my credentials and they map. Oh, there is another bug with WINS and SR that is related to the state table with connections. Make sure you have allow_clear_traffic_while_disconnected (false)...that may not be exact, but it's close enough. I believe in R55 you can set this in the GUI, but you can also set it in the user.c file when you are building the profiles. If you have this set to true, and you don't connect to the VPN, and have WINS hard coded, it attempts to send WINS request in the clear. When you go to connect to the VPN it does not clear that state table, and additional WINS request are sent in the clear. It won't send them down the tunnel until the state expires and a new state is setup and then WINS works fine. iirc allow_clear_traffic_while_disconnected defaults to false Derek O'Flynn -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of David Strom Sent: Tuesday, February 01, 2005 8:16 AM To: [email protected] Subject: Re: [FW-1] SecuRemote user can't browse Microsoft workgroup Hmm, I wonder if you could elaborate on that, please, Michael? I've only been able to browse the Windows network when using Secure Domain Login (SDL), which seemed to make sense to me because when you do that you're sort of "joining" the domain by authenticating to it... we only do this with our laptops, since they "belong" to the domain already. For home PCs, we just directly access servers with \\servername, and input credentials for each server accessed that way. Works for us, because we don't have many Windows servers. Also, we set a Wins server entry, and use IP Pools with SR to provide an internal IP address. Our servers are in our public DNS, so we don't need the remote DNS; I realize that's not a usual setup, and we've discussed changing this sometime in the future. HOWEVER, XP Pro clients have not been working well (if at all) with SDL, ever, and with the R55 release of SR (iirc), Checkpoint support said that SDL didn't work well with NT 4.0 domains. We've since added a Win2003 server with AD, but we're still in hybrid mode. <sigh> So, I hope that when we switch to all AD, things will improve. Haven't tried XP Pro SP2 yet, and I can't wait to see what that will break. ;-) -- David Strom Michael Burns wrote: > I had a similar issue we resolved by adding a secure remote dns object > which forced name and kerboras authentication down the vpn tunnel. > Belive this only works for win 2k clients and above. > > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:[EMAIL PROTECTED] On Behalf Of > Reinhard Stich > Sent: 01 February 2005 11:42 > To: [email protected] > Subject: Re: [FW-1] SecuRemote user can't browse Microsoft workgroup > > At 08:26 01.02.2005, you wrote: > >>Yes we do have win-server and DNS server configured. > > > can you access the server with \\name\share ? > > cheers > reinhard > > >>Rajesh. >> >>-----Original Message----- >>From: Mailing list for discussion of Firewall-1 >>[mailto:[EMAIL PROTECTED] On Behalf Of >>Reinhard Stich >>Sent: Tuesday, February 01, 2005 4:36 PM >>To: [email protected] >>Subject: Re: [FW-1] SecuRemote user can't browse Microsoft workgroup >> >>hi, >> >>do you have a WINS-server and DNS-server configured? >> >>cheers >>reinhard >> >>At 05:27 01.02.2005, you wrote: >> >>>Hi all, >>> >>>I've configured VPN on a Sun (solaris 8) box using Checkpoint >>>Firewall NG AI. SecuRemote users can ping all the IP addresses in the > > >>>VPN encryption domain. But when they click on >>> >>>Entire network-->Microsoft windows network-->workgroup >>> >>>They don't say any of our windows servers. Clients for windows >>>networks is enabled in dialup networking properties. >>> >>>What could be the reason? Do I need to add any rule other than >>> >>>[EMAIL PROTECTED]>Internal network--->remote access--->any--->log >>> >>>Thanks, >>>Rajesh. >>> >>>================================================= >>>To set vacation, Out-Of-Office, or away messages, send an email to >>>[EMAIL PROTECTED] >>>in the BODY of the email add: >>>set fw-1-mailinglist nomail >>>================================================= >>>To unsubscribe from this mailing list, please see the instructions at > > >>>http://www.checkpoint.com/services/mailing.html >>>================================================= >>>If you have any questions on how to change your subscription options, > > >>>email [EMAIL PROTECTED] >>>================================================= >> >>-- >>Reinhard Stich ASSIST [EMAIL PROTECTED] >>Internet Security AG, 1150 Wien, Johnstrasse 29 >>Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333 >> >>================================================= >>To set vacation, Out-Of-Office, or away messages, send an email to >>[EMAIL PROTECTED] >>in the BODY of the email add: >>set fw-1-mailinglist nomail >>================================================= >>To unsubscribe from this mailing list, >>please see the instructions at >>http://www.checkpoint.com/services/mailing.html >>================================================= >>If you have any questions on how to change your subscription options, >>email [EMAIL PROTECTED] >>================================================= >> >>================================================= >>To set vacation, Out-Of-Office, or away messages, send an email to >>[EMAIL PROTECTED] >>in the BODY of the email add: >>set fw-1-mailinglist nomail >>================================================= >>To unsubscribe from this mailing list, >>please see the instructions at >>http://www.checkpoint.com/services/mailing.html >>================================================= >>If you have any questions on how to change your subscription options, >>email [EMAIL PROTECTED] >>================================================= > > > -- > Reinhard Stich ASSIST [EMAIL PROTECTED] > Internet Security AG, 1150 Wien, Johnstrasse 29 > Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333 > > ================================================= > To set vacation, Out-Of-Office, or away messages, send an email to > [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your subscription options, > email [EMAIL PROTECTED] > ================================================= > This email is for the confidential use of the intended recipient. If received in error > please notify us and delete the email. Unless the contrary is expressed the contents > of the email are the view of the writer and not of Keltec. By using this system or by > sending us emails you consent to the monitoring or recording of email in accordance > with the Telecommunications (Lawful Business Practice) Interception of > Communications Regulations 2000 or as otherwise permitted by law. > > Please visit us at www.keltec.co.uk > > Keltec Ltd > Registered Office: 2 Bracknell Enterprise Centre, Easthampstead Road, Bracknell, > RG12 1NF . Tel. 01344 306700. > Company Reg No. 3552955 > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
