Re: Questions on Firewall-1 and Neighborhood Browser

[roger nebel <roger () homecom com>]

Jim,

You can't browse the network neighborhood (from inside or outside!)
because you are using address translation and NetBT (Netbios in
TCP/IP).  F/W-1's NAT only translates the TCP/IP addresses, not the
NetBT addresses (it doesn't even know they are there).  One way around
this is to distribute a windows shortcut file which you create by doing
a Find Computer (while dialed in with securemote, not locally) and using
the IP address (which you say you can do), then right mouse click to
create the shortcut.  Look at the shortcut Properties, Target, it should
look something like \\205.209.22.31\shares\shared.  Make sure the target
path is at the highest level of shares.  Change the name of the shortcut
file to something meaningful like "Remote Network Neighborhood" and an
appropriate icon.  The remote user also needs to be able to communicate
with a WINS server in your network (which I believe you say works based
on your log entries).  Kludgy, but it works.

A better way would be to write the inspect script to look into the NetBT
header and do translation on the fly.  One day someone will want this
bad enough to pay to develop the inspect script.  Check Point does not
indicate if version 4 will support this natively.  Raptor claims their
next remote client will.  I don't know about others.  

    

good luck, roger