2006-01-10
SuderMan
Re: SecureClient issues

Here is Check Point's answer:
Solution ID: #skI2065

Product: SecuRemote
Version: NG
Last Modified: 15-Jul-2004

Solution

To set up Split DNS for VPN-1/FireWall-1 NG and SecuRemote/SecureClient NG, proceed with the following:

Create a Host Node network object in the Policy Editor
1. Select Manage > Network Objects
2. In the Network Objects dialog box, click on New and select Node > Host from the drop down list
3. In the Host Node dialog box, select General Properties in the left pane
4. In the Host Node - General Properties, enter the network object name of the internal DNS server in the Name field (ie. internal_dns)
5. Enter the IP address of the internal DNS in the IP Address field (ie. 192.168.2.100)
6. Click on OK in the Host Node dialog box
7. Click on Close in the Network Objects dialog box

Create a SecuRemote DNS server object in the Policy Editor
1. Select Manage > Servers
2. In the Servers dialog box, click on New and select "SecuRemote DNS..." from the drop down list
3. In the SecuRemote DNS Properties dialog box, select the General tab
4. In the General tab, enter the SecuRemote DNS server name for the SecuRemote DNS server in the Name field (ie. sr_dns_server)
5. Select the network object of the internal DNS server (ie. internal_dns) from the Host drop down list
6. In the SecuRemote DNS Properties dialog box, select the Domains tab
7. In the Domains tab, click on Add
8. In the Domain dialog box, enter the domain suffix of the internal network in the Domain Suffix field (ie. detroit.com)
9. In the Domain Match Case section, select "Match only *.suffix" option

Note:
If internal network workstations have a name such as pcstation.sales.detroit.com (two labels preceding the domain suffix), select "Match up to ** labels preceding the suffix" option rather than the "Match only *.suffix" option. Adjust the number of labels in this option according to the maximum number of labels that may precede the domain suffix.

10. Click on OK in the Domain dialog box
11. Click on OK in the SecuRemote DNS Properties dialog box
12. Click on Close in the Servers dialog box
13. Install the security policy

Note:
After the security policy is installed on the firewall module, the SecuRemote / SecureClient needs to update/recreate the site in order to download the Split DNS information from the firewall module.

Note:
If you also wish to have the internal DNS traffic encrypted you will need to go to Global Properties > Remote Access and check the box to Encrypt DNS traffic. If you make this change you will need to install the Security Policy on the gateway and update the topology information on the client.
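An added example, not part of the post or of Check Point's solution: a small Python model of the "Domain Match Case" rule as the note above describes it, for checking a hostname inventory against the configured label depth before installing the policy. The function names, the sample inventory and the treatment of the bare suffix are assumptions made for this sketch.

```python
"""Model of the SecuRemote DNS "Domain Match Case" rule (added example)."""

def labels_before_suffix(fqdn, suffix):
    """Count labels preceding `suffix` in `fqdn`; None if the name is outside it."""
    name = fqdn.rstrip(".").lower().split(".")
    suf = suffix.strip(".").lower().split(".")
    # Compare whole labels so notdetroit.com is not mistaken for detroit.com.
    if len(name) < len(suf) or name[-len(suf):] != suf:
        return None
    return len(name) - len(suf)

def goes_to_internal_dns(fqdn, suffix, max_labels=1):
    """max_labels=1 models "Match only *.suffix"; a higher value models
    "Match up to N labels preceding the suffix"."""
    n = labels_before_suffix(fqdn, suffix)
    # Assumption: the bare suffix itself (0 labels) matches neither option.
    return n is not None and 1 <= n <= max_labels

def audit(hostnames, suffix, max_labels=1):
    """Return (name, label_count) for names under the suffix that the
    configured rule would NOT forward to the internal DNS server."""
    missed = []
    for host in hostnames:
        n = labels_before_suffix(host, suffix)
        if n and not goes_to_internal_dns(host, suffix, max_labels):
            missed.append((host, n))
    return missed

def required_depth(hostnames, suffix):
    """Smallest "up to N labels" setting that covers every name under the suffix."""
    depths = [labels_before_suffix(h, suffix) for h in hostnames]
    return max((d for d in depths if d), default=1)

# Constructed sample inventory (hypothetical hosts using the page's example suffix).
SAMPLE = [
    "mail.detroit.com",
    "pcstation.sales.detroit.com",
    "www.example.org",
    "notdetroit.com",
]

if __name__ == "__main__":
    for host, n in audit(SAMPLE, "detroit.com", max_labels=1):
        print(f"not matched by *.suffix: {host} ({n} labels)")
    print("set 'Match up to N labels' with N =", required_depth(SAMPLE, "detroit.com"))
```

Names reported by `audit` are the ones that fall outside the SecuRemote DNS rule, so they are the ones to check when remote clients fail to resolve internal hosts after the site update.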