Hi
After several aborted attempts over a couple of months to implement
SecureRemote on FW-1 4.0 I have more or less got to an (almost) final
solution but I have a couple of issues that are still unresolved:-
1. Using FW-1 4.0 SP4 on NT 4.0 SP4
2. Using SecureRemote 4.1 (Build 4153) on Windows 95 clients (and soon NT
4.0 WS clients)
3. Using FWZ encryption
4. Have "SDL Enabled" on clients (Secure Domain Login)
Outstanding queries:-
a) The use of 4.1 clients was on recommendation from the list as it
included the SDL function to (allegedly) ensure that secure connection and
firewall authentication happen before NT domain login and drives mapped
etc. (otherwise won't work !). This has helped a bit but we still get NT
domain login frequently before fwall authentication. Now the simple answer
would be to instruct users not to login until they have seen fwall auth
screen and responded to it. However, we all know what users are like ;-)
and it would be better if it would just work the way it's supposed to !
b) VAR recommended using FWZ as easier to set up keys - one side only needs
to be set but I am not sure if ISAKMP would be better (yes I know there are
differences in the encrypted portion of the packet but I am interested in
simple/easy admin that works)
c) I don't really want to upgrade to 4.1 on firewall yet but maybe this is
causing intermittent problems ?
d) Any 'gotchas' on NT WS 4.0 with SRemote client ?
e) Worth using latest build of SR - 4.1 Build 4157 ? (I tried to look at
release notes but you can't see these without a CP support contract - I am
supported through VAR)
TIA
Tim Higgins