I have two Windows 2003 SP1 Domain Controllers at different sites on the Internet. Both sides are protected by CheckPoint FW-1 R55W. There is a site-to-site VPN between the sites. The rules are configured to allow all traffic between sites.

Problem #1 (fixed): The domain controllers cannot replicate Active Directory information between them. The firewall's SmartDefense is rejecting the packets. I avoided this by setting MS-RPC smart defense to "monitor only".

Problem #2: Many packets sent between the domain controllers are dropped by the firewall for: "TCP packet out of state: First packet isn't SYN tcp_flags: ACK".

I cannot get the domain controllers to replicate, and my AD tools indicate a communications issue. Any ideas?

-----------------------------------------------
Tony Pombo
Systems and Security Architect
Edict Systems, Inc.
937-429-4288 x279
[EMAIL PROTECTED]
