I need to disable the DNS UDP protection for my entire firewall system just
so a couple domain controllers can talk? So, now I'm no longer protected
against bad DNS UDP packets from the Internet? That's no good.
In this manner, the entire SmartDefense architecture seems poorly designed.
-----------------------------------------------
Tony Pombo
Systems and Security Architect
Edict Systems, Inc.
937-429-4288 x279
tony.pombo AT edictsystems DOT com
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of cisco4ng
Sent: Tuesday, October 25, 2005 7:33 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Active Directory replication between VPN
site-site-tunnels
This is quite simple. Under SmartDefense, there is an option under DNS to
turn off "udp protocol enforcement". Just simply uncheck the box and
re-push the policy. It will work after that.
cisco4ng
Loge VK <logevk AT GMAIL DOT COM> wrote:
I hope you have tried the Enabling Domain Name over UDP and TCP in Global
Properties... If you don't want to do that, then add an explicit rule with
service as domain-udp for this to pass.
Loge VK
On 10/25/05, Kalpesh Patel wrote:
>
> Hi
>
> We have a Site-to-Site VPN tunnel between UK, Paris and Munich with "any"
> service going through the rule (for now).
>
> We have now moved over to Microsoft Active directory (Windows 2003 SP1)
> and for some reason I'm seeing "domain-udp" drops in the firewall logs
> between the domain controllers and the DCs are not replicating through the
> firewalls.
>
> Does anyone have a solution to this?
>
> Regards
> Kalpesh
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>