Thanx for the info i have never seen it though maybe it will happen oneday and i will be greatful for the info that has been posted. I think this info should be highly regarded coz alot of big companies usually close TCP-53 and do not allow it if not a bastion station. I guess Brian got all the info he needed. in NG the param is :domain_tcp (false) i guess this should be changed to true. i'll check 4.1 same param there :domain_tcp (false)
It could be this Sadir Brian Fritz wrote: > All, > > After all the IPSO upgrades and service pack upgrades for our > Nokia/Checkpoint 4.1 SP5a solution, we started seeing some random > results with our DNS servers. Sometimes, it would fail on the first > lookup - but after that it would be ok... my question is simple... for > the last several years we've had the simple 2 rules for our DNS Servers: > > > > 1. Any (Source) DNSServers(Destination) DNS-53(Port) > > 2. DNSServers (Source) Any (Source) DNS-53 (port) > > > > The question is simple...are we missing something obvious??? Our DNS > servers are Windows 2000. > > > > Thanks in advance... > > > > -Brian > ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
