Hi

Thanks to all on this. I have checked the DNS enforcements and all is unchecked, there is no NAT taking place and the hotfix on the firewall is hfa_17. I don't think it is the firewall somehow but could be wrong, reckon it to be the server. Would anyone know of any useful tool to install on the servers to snoop traffic, thinking of windump?

Thanks again

cisco4ng <[EMAIL PROTECTED]> wrote:

I had run into a similar issue. I think the problem has to do with the following:

1) Microsoft AD also uses DNS and Microsoft DNS is NOT compliant. Uncheck the DNS "udp enforcement" in DNS SmartDefense.
2) Make sure you disable NAT between the servers behind the Checkpoint NG AI firewall and the servers in the DMZ. Just because routing is OK does not mean it is OK. In other words, the servers behind the firewall should be able to communicate with servers in the DMZ without NAT.
3) Repush the policy after you've done steps 1 and 2.

I think it will resolve your issue. Good luck!

cisco4ng

Peter Addy wrote:

Hi

Has anyone come across an issue where we are trying to join a Win2003 server to a domain and strangely unable to do so, just keeps timing out. The servers connecting are one behind a CP firewall NG AI and the other server resides in a DMZ, strangely no error, no dropped ports in logs, routing is all OK, no filters are set on the routers, so I have been told. Not really that familiar with Windows, however all the usual AD ports are there, just a bit baffled why this does not work. Is there something perhaps on the Win servers that is misconfigured, or requires.

Thanks for any advice

Cheers

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [EMAIL PROTECTED]
=================================================
