Firewall Wizards mailing list archives
Re: SecuRemote NT / Firewall-1 2.1
From: Deepak Vaidya <dvaidya () clark net>
Date: Tue, 13 Oct 1998 19:50:36 -0400 (EDT)
On Mon, 12 Oct 1998, McClure, Allen wrote:
SecuRemote client v3.0a running on NT 4.0 SP3. I've tried support calls. It seems that the SecuRemote encryption service does a "late" start and prevents the IP stack from starting on time to properly authenticate with our domains. Assuming a local profile exists, it'll use the cached copy and complain about the domain controller not being reachable. So far I've been able to make it work by either logging in locally or by using a cached profile with domain account. It then seems to reauthenticate as appropriate and work fine. Perhaps I can get it [SecuRemote Daemon] unbound from the Ethernet??? How...?? I've fought this for many hours, can any of you shed light??? 95/98 works fine. Any help would be greatly appreciated.
I ran into the same problem that you are having, but I was using dhcp. The secure remote software would prevent dhcp client from starting up and it took me 6 months of going up the checkpoint support ladder to get a patch. The patch basically makes some changes in registry. I was not comfortable in asking the users to edit the registry manually and checkpoint finally release a patch. ===================================================================== Our R&D people are working to solve the problem of DHCP and SR. In our lab we succeeded to reproduce the problem that the interface is being blocked for a while after starting the DHCP service manually (after boot). The workaround for this problem may fix all the problem for DHCP and SR. you might still need to start the DHCP service manually after boot as mention in the FAQ. The workaround is to go to the registry by running from "run: regedit" and then searching all the flags of "ipforwarding" this can be done from the "edit" menu, choose "find" and enter the word: "ipforwarding This should find it in about three or more places. When you find each one, you need to edit it by double clicking on the highlighted ipforwarding entry and enter the value :"ffffffff" which will replace the value :"00000000" that was before. You can iteratively keep searching for these entries by pressing F3 please try this workaround and notify me if it advanced the situations (the problem disappear or maybe just improve) ======================================================================= I am not sure if you can get to the following url, but it has a description. http://www.checkpoint.com/support/technical/bugs/securemote/dhcpis.htm Contact your reseller to get the patch or use secure remote 4.0. I hope that helps. - Deepak PS: If I had to do it again, I would dump firewall-1 in a heartbeat. Everytime, checkpoint releases new version of anything, including patches. I have more problems than before, but need the features that new release/patch enable.
Current thread:
- SecuRemote NT / Firewall-1 2.1 McClure, Allen (Oct 13)
- Re: SecuRemote NT / Firewall-1 2.1 Deepak Vaidya (Oct 14)
- <Possible follow-ups>
- RE: SecuRemote NT / Firewall-1 2.1 McClure, Allen (Oct 14)