Firewall-1
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[FW-1] DNS issue with SecuRemote/SecureClient

from Sergio Alvarez [Permanent Link]
Subject: [FW-1] DNS issue with SecuRemote/SecureClient
From: Sergio Alvarez <seralvar AT GMAIL DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Fri, 25 Aug 2006 13:27:15 -0600 
Hello,

I have a customer who recently resigned to his old Secure Client licenses to
use the budget on improvements on other CP products. They require DNS
resolution for use of local resources for their VPN clients and since Office
Mode was no longer available, we configured a SecuRemote DNS Server object
when we migrated everything to new equipment and NGX.
First tests were done with the old R54 Secure Client they had installed on
their laptops and everything went ok, but now they are migrating their
clients to NGX and found out that if they run the installation just as
SecuRemote, the DNS resolution doesn't work at all, only way get to
resources is by IP, but if instead they run the client installation as
SecureClient, the DNS resolutions work perfect.
Some tests with "srfw monitor" revealed that in fact when installed as
SecuRemote, the DNS requests are never sent by the client to the "SecuRemote
DNS Server" configured, while instaled as SecureClient the requests are
captured clearly.
Office Mode has not been configured on the new installation of NGX, again
because there are no Secure Client licenses anymore.

Does anybody know why is this hapenning and if there is some sort of bug in
the SecuRemote installation? For now I have told my customer just to install
all clients as Secure Client even though there is no license for it and off
course no desktop security will be available. As far as I know, doing that
should not cause any issues, but if anybody knows of anything we should take
in count, please let me know.

Regards.

--
Sergio Alvarez
(506)8301342

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [FW-1] DNS issue with SecuRemote/SecureClient, Sergio Alvarez <=
Previous by Date:  Re: [FW-1] SPLAT Load Average, Matthew Odendaal
Next by Date:  Re: [FW-1] SPLAT Load Average, Peter Pramberger
Previous by Thread:  [FW-1] Best Practise for 2 Internet Connections & 1 Firewall, Sean Donaghey/HDGH
Next by Thread:  [FW-1] FW Licensing, Liu, David
Indexes:  [Date] [Thread] [Top] [All Lists]