I had run into a similar issue. I think the problem has to do with the following:
1) Microsoft AD also uses DNS, and Microsoft DNS is NOT compliant. Uncheck the DNS "udp enforcement" in DNS SmartDefense.
2) Make sure you disable NAT between the servers behind the Checkpoint NG AI firewall and the servers in the DMZ. Just because routing is OK does not mean it is OK. In other words, the servers behind the firewall should be able to communicate with servers in the DMZ without NAT.
3) Repush the policy after you've done steps 1 and 2.

I think it will resolve your issue. Good luck!

cisco4ng

Peter Addy <[EMAIL PROTECTED]> wrote:

Hi,

Has anyone come across an issue where we are trying to join a Win2003 server to a domain and are strangely unable to do so? It just keeps timing out. Of the servers connecting, one is behind a CP firewall NG AI and the other server resides in a DMZ. Strangely, there are no errors and no dropped ports in the logs, routing is all OK, and no filters are set on the routers, so I have been told. I am not really that familiar with Windows; however, all the usual AD ports are there, so I am just a bit baffled why this does not work. Is there something perhaps on the Win servers that is misconfigured, or requires.

Thanks for any advice

Cheers

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [EMAIL PROTECTED]
=================================================
