[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] dnsinfo.C not being downloaded
I believe you already did this, but you must manually add two lines to the top of the userc.c database file on the securemote client, then create (or update) the site. The lines go at the bottom of the very first (:options) section: :dns_xlate (true) :dns_encrypt (true) If you delete and recreate the site in securemote, you must manually re-add these lines. The best approach is to get it working just like you want it on one client, then copy the userc.c file over the default userc.c that comes on the distribution. Then, run your installs from there. That will also prevent users from having to create the site manually. Good luck... Dan Hitchcock CCNA, MCSE Network Engineer Xylo, Inc. (formerly employeesavings.com)The work/life solution for corporate thought leaders -----Original Message----- From: Rodney Lacroix [mailto:[email protected]] Sent: Friday, September 15, 2000 5:15 AM To: [email protected] Subject: [FW1] dnsinfo.C not being downloaded Thanks to everyone for their tips on helping me get my split DNS to work. Unfortunately, it is still not working. I have identified the DNS server object on my firewall. I have edited (in DOS) the dnsinfo.C file (and renamed it to make it case sensitive) with the appropriate syntax (I believe - I'm still not clear on the brackets, should there be a space after :obj and the bracket, for example). I've added a rule in the top of my rulebase saying users@any, encryption domain, DNS, client-encrypt. I've added the #define ENCDNS line in the crypt.def file. I've bounced the server. I've stopped and restarted it. I've reloaded the rulebase....and on and on. When I update my SecuRemote client, the dnsinfo() area does not get populated. My dnsinfo.C file is in the C:\Winnt\FW1\4.1\conf directory, which was created when I upgraded the firewall from 4.0 to 4.1 SP2. I'm tired, and getting cranky. What am I missing? An implied rule setting? Should the DNS server be identified in the TCP/IP settings on the firewall itself (I wouldn't think so)? My firewall's TCP/IP settings use two ISP servers as it's DNS, and one internal DNS server (not the one I'm using as a test for this). I think my major problem is the update not happening on the client. If someone knows what the userc.C file on the SecuRemote client is supposed to look like afterwards, I can manually edit it and test. Again, thanks for the help. Rodney Lacroix ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|