Correct me if I'm wrong, but if I have no license then I have no desktop firewall and as SecureClient doesn't like other firewalls, then I have no desktop firewall at all. I saw that SecureClient worked extremely well, but the problem is that I can't apply a desktop policy so the desktops are wide open. Or have I missed something and there is a way of activating the SecureClient firewall without a license?
I should point out that I'm a newbie so some of Checkpoint's corporate policies are a complete mystery to me... -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Jean-Paul Baillon Sent: Thursday, 10 March 2005 5:22 PM To: [email protected] Subject: Re: [FW-1] Split brain DNS You do not need the securclient licence if you are not using the policy server! -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Meyers, Duncan Sent: Thursday, 10 March 2005 11:45 AM To: [email protected] Subject: Re: [FW-1] Split brain DNS Basically, I've followed the instructions in article# skI2065 -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Meyers, Duncan Sent: Thursday, 10 March 2005 10:52 AM To: [email protected] Subject: Re: [FW-1] Split brain DNS Many thanks for your prompt response. SecureClient works really well - and I would use it if I could - but we don't have the license for the desktop policy so I can't use it (it will not play nicely with any other personal firewall that I've tried (MS SP2, Sygate and ZoneAlarm)). In short, I'm stuck with SecuRemote and getting Split-Brain DNS to work. Help!! -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Jean-Paul Baillon Sent: Wednesday, 9 March 2005 11:56 PM To: [email protected] Subject: Re: [FW-1] Split brain DNS You need to install SecurClient for starters Then config securemote dns as you have done Config a ip pool nat network that will be DHCP'd to your remote access vpn clients In firewall object properties click remote access Config for office mode to vpn user group Optional parameters choose dns server, wins server (if any) and domain suffix THE SAME ONE USED ON SECUREMOTE DNS under OPSEC or else pain and suffering Perform antispoofing on ip pool nat network Voila! Happy Days! -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Meyers, Duncan Sent: Wednesday, 9 March 2005 4:10 PM To: [email protected] Subject: [FW-1] Split brain DNS Hi! I'm having no end of trouble getting Split-brain DNS to work with SecuRemote and my gateway (Firewall-1 running on W2K3). I can connect perfectly with the VPN and if I specify IP addresses I can access resources on the corporate LAN. What I can't get is DNS resolution of the LAN addresses. I have configured the SecuRemote DNS object as described in the Knowledgebase article and also created a dnsinfo.C file that I popped into the appropriate directory. I recreated the site and from the userc.C file that the client picks up, I can see that the configuration details seems to be going across: :dnsinfo ( :LMdata ( : ( :ipaddr (10.1.1.21) :name (*****01) :domain (******) ) ) :dns_servers ( : (sr_DNS_server :obj ( : (10.1.1.21) ) :domain ( : ( :domain (***********) :dns_label_count (4) ) ) I'm sure you'll excuse me for munging the domain details :-) But it doesn't work! Does anyone have any suggestions? Thanks! ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
