Firewall Wizards mailing list archives
RE: extranet FW-1's remote access w/ Secur-ID and NetBT auth
From: "Dom De Vitto" <dom () devitto com>
Date: Sun, 5 Mar 2000 13:15:18 -0000
Up service pack your FW1 install. Build 4031 is SP1 (I think, or straight 4.0). Either way, with FW1 you want to always implement on the latest, proven (by yourself, don't trust checkpoint) service pack. If you've a working system and are happy, don't up-SP unless you need a fix, even then, I'd say wait a month or two to see if the new SP is buggy! A v4 policy editor _can_ control a v3 mgmt station. (not v.v) Also I'd NT4/SP5 the server - it's always been fine for me (unless checkpoint cleared NT4/SP6, but they tend to be 3+ months behind....) Best of luck, Dom - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Dom De Vitto Secure Technologies Ltd. Mob. 07971 589 201 mailto:dom () devitto com Tel. 01202 738 767 http://www.devitto.com Fax. 08700 548 750 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -----Original Message----- From: owner-firewall-wizards () lists nfr net [mailto:owner-firewall-wizards () lists nfr net]On Behalf Of Rui Ribeiro Sent: Monday, February 14, 2000 12:00 PM To: firewall-wizards () nfr net Cc: pedro.borralho () case pt Subject: extranet FW-1's remote access w/ Secur-ID and NetBT auth Hi. I am writing this message, in the hope someone has stunbled into our prob. We're creating here an extranet with FW-1, Secur-ID authenticated. NetBT domain authentication is also required. Problem is, NetBT auth isn't working. It worked over a brief period of time, but I suspect it was due to a holiday period with low-traffic associated. (we're are now monitoring our line with MRTG). The NetBT's NT domain authentication always fails with a "NT domain server not found" error message. Our lmhosts file appears to be correct, with the hosts and domain. The local client topology file built with SecureRemote is also correct. ping works ok. More disturbingly yet, after failing the NT domain auth (*but being sucessfful with SecurID auth), I have access to the NT shared resources. (Cached credentials?) TCP/IP connectivity is great. Terminal Server is working slowly. We're using SecureRemote 4.0, FW-1 Build 4031 (Is it possible we're using policy editor v4.0 with FW/1 3.x?), ACE/server 3.31 and SecureRemote v4.0 export edition. The NT servers have installed SP4+y2k hotfixes, and the Win 98 remote clients have the full y2k patches. We're planning an upgrade to Citrix's Metaframe for remote work, and NetBT authentication is used for persorns who can't, and have the speed to work with the local files. I also have info where the Terminal Server w/ SP 5 and one or more hotfixes is an appropriate match for Metaframe. We will be conduncting tests shortly. Wether the NetBT setup is apropriate in terms of bandwith, that's another matter. Peharphs a secure FTP solution wasn't that inapropriate, but it would be nice to have the NetBT authentication, just in case. Regards, Rui Ribeiro --- Rui Fernando Ferreira Ribeiro IT Consultant --== Sent via Deja.com http://www.deja.com/ ==-- Share what you know. Learn what you don't.
Attachment:
Domenico De Vitto.vcf
Description:
Current thread:
- RE: extranet FW-1's remote access w/ Secur-ID and NetBT auth Dom De Vitto (Mar 05)