Firewall Wizards mailing list archives

RE: extranet FW-1's remote access w/ Secur-ID and NetBT auth


From: "Dom De Vitto" <dom () devitto com>
Date: Sun, 5 Mar 2000 13:15:18 -0000

Up service pack your FW1 install.
Build 4031 is SP1 (I think, or straight 4.0).

Either way, with FW1 you want to always implement on the latest,
proven (by yourself, don't trust checkpoint) service pack.

If you've a working system and are happy, don't up-SP unless you need
a fix, even then, I'd say wait a month or two to see if the new SP
is buggy!

A v4 policy editor _can_ control a v3 mgmt station. (not v.v)

Also I'd NT4/SP5 the server - it's always been fine for me (unless
checkpoint cleared NT4/SP6, but they tend to be 3+ months behind....)

Best of luck,
Dom
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Dom De Vitto
Secure Technologies Ltd.                           Mob. 07971 589 201
mailto:dom () devitto com                             Tel. 01202 738 767
http://www.devitto.com                             Fax. 08700 548 750
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


-----Original Message-----
From: owner-firewall-wizards () lists nfr net
[mailto:owner-firewall-wizards () lists nfr net]On Behalf Of Rui Ribeiro
Sent: Monday, February 14, 2000 12:00 PM
To: firewall-wizards () nfr net
Cc: pedro.borralho () case pt
Subject: extranet FW-1's remote access w/ Secur-ID and NetBT auth 



Hi. I am writing this message, in the hope someone has stumbled into our prob. We're creating here an extranet with 
FW-1, Secur-ID authenticated. NetBT domain authentication is also required.

Problem is, NetBT auth isn't working. It worked over a brief period of time, but I suspect it was due to a holiday 
period with low-traffic associated. (we are now monitoring our line with MRTG). The NetBT's NT domain authentication 
always fails with a "NT domain server not found" error message. Our lmhosts file appears to be correct, with the hosts 
and domain. The local client topology file built with SecureRemote is also correct. ping works ok. More disturbingly 
yet, after failing the NT domain auth (*but being successful with SecurID auth), I have access to the NT shared 
resources. (Cached credentials?)

TCP/IP connectivity is great. Terminal Server is working slowly.

We're using SecureRemote 4.0, FW-1 Build 4031 (Is it possible we're using policy editor v4.0 with FW/1 3.x?), 
ACE/server 3.31 and SecureRemote v4.0 export edition. The NT servers have installed SP4+y2k hotfixes, and the Win 98 
remote clients have the full y2k patches.

We're planning an upgrade to Citrix's Metaframe for remote work, and NetBT authentication is used for persons who 
can't, and have the speed to work with the local files. I also have info where the Terminal Server w/ SP 5 and one or 
more hotfixes is an appropriate match for Metaframe. We will be conducting tests shortly.

Whether the NetBT setup is appropriate in terms of bandwidth, that's another matter. Perhaps a secure FTP solution wasn't 
that inappropriate, but it would be nice to have the NetBT authentication, just in case.

Regards,
Rui Ribeiro

---
Rui Fernando Ferreira Ribeiro
IT Consultant






