Yes, that's correct. If you look in userc.c on the laptop (assuming you
haven't obscured the topology), you'll just see IP addresses. I'm not sure
how to automatically handle the need to change the external IP address of
the firewall and not have it affect remote users.
I was thinking of maybe adding an extra interface on the gateway and set it
to the new IP (disconnected) and set it up as another external interface and
use dynamic resolving (RDP) to find the active one. After you're sure
everyone has the new topology, maybe you could kill the original interface
and SecureClient/SecuRemote would use RDP to find the now-functional one.
If anyone has any insight on how to handle an IP change seamlessly, it would
be appreciated,
Ray
From: J Jayavenkatesh <[EMAIL PROTECTED]>
Reply-To: Mailing list for discussion of Firewall-1
<[email protected]>
To: [email protected]
Subject: Re: [FW-1] DNS entry for the VPN gateway
Date: Thu, 23 Jun 2005 21:00:14 +0800
Hi Ray,
Thanks for that note. Actually i was asking towards the VPN gateway ip
address. i.e when you configure Secure client on a laptop you need to
specify the ip address of the Site right! Is there any specific use of
specifying DNS entry for this site address. Because i tested
specifying the site dns address. After that if i change the
corresponding IP to some other IP address, the secureclient is not
using the new ip address. Its still using the old ip address for the
DNS entry. I believe i can convey wat im
thinking of!
Thanks
Jay.
On 6/23/05, Ray <[EMAIL PROTECTED]> wrote:
> If you're running Hide NAT and your internal web browsers run through
it,
> you might have an issue. We ran into a vendor site that wouldn't work
right
> if we didn't have forwardand reverse DNS entries for the Hide NAT
address. I
> can't think of anything off hand that would affect Check Point, though.
>
> Ray
>
> >From: J Jayavenkatesh <[EMAIL PROTECTED]>
> >Reply-To: Mailing list for discussion of Firewall-1
> ><[email protected]>
> >To: [email protected]
> >Subject: [FW-1] DNS entry for the VPN gateway
> >Date: Wed, 22 Jun 2005 14:40:59 +0800
> >
> >Hi all,
> >
> >Is there any specific use of using DNS entry for the VPN Gateway Ip
> >address?
> >If you change the ip address, does the secureclient really do a
> >resolution everytime,
> >and updating the ip address whenever the DNS ip change?
> >
> >I tested it, and found that, secureclient does the resolution at the
> >first time , after which the secureclient uses the ip resolved in the
> >first time. If so what is the purspose of using DNS entry for VPN
> >Gateway ip?
> >
> >Thanks in advance!
> >
> >=================================================
> >To set vacation, Out-Of-Office, or away messages,
> >send an email to [EMAIL PROTECTED]
> >in the BODY of the email add:
> >set fw-1-mailinglist nomail
> >=================================================
> >To unsubscribe from this mailing list,
> >please see the instructions at
> >http://www.checkpoint.com/services/mailing.html
> >=================================================
> >If you have any questions on how to change your
> >subscription options, email
> >[EMAIL PROTECTED]
> >=================================================
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
>
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
