RE: [fw-wiz] Domain Login Problem Thru Netscreen
From: Dave Killion (Dkillion_at_netscreen.com)
Date: 10/30/03
To: "'Nilanjan Sengupta'" <nilanjan.sengupta@paladion.net>, firewall-wizards@honor.icsalabs.com
Date: Thu, 30 Oct 2003 09:54:33 -0800
Nilanjan,
NetBIOS assumes all known systems are on the same layer 2 segment - it does
the Master Browser List local subnet broadcasts only. The solution to this
problem is to use WINS - it's what it is designed for. You'd have this
issue regardless of firewall vendor.
Dave Killion
Senior Security Engineer
Security Group, NetScreen Technologies, Inc.
This e-mail reflects the personal opinion of the author.
-- Unless explicitly so stated in the text, it does not represent an
official position of NetScreen Technologies, Inc.
> -----Original Message-----
> From: Nilanjan Sengupta [mailto:nilanjan.sengupta@paladion.net]
> Sent: Thursday, October 30, 2003 1:27 AM
> To: firewall-wizards@honor.icsalabs.com
> Subject: [fw-wiz] Domain Login Problem Thru Netscreen
>
>
> Hi,
> I need some help from you guys. I will describe the scenario:
>
> I am going to install a Netscreen firewall and that will have 4 Zones.
> Two of them are not relevant in this context. The other two are. The
> names of the Zones are Utility and DMZ. Now in Utility I am going to
> place a WinNT PDC. People from DMZ will log in to the Box. In DMZ the
> LAN users are there with some WAN users too. The WAN connects to
> different other locations which have other Domains too.
> The PDC is also an Exchange Server which will be replicating with another
> Exchange Server in the WAN. Over that it is a Trend Micro Anti Virus
> Server which will update Antivirus to the Desktops and the Servers at
> other Zones. It will download signatures from Internet through the WAN
> (DMZ ZONE).
>
> The Requirement is to enable Domain Login for users from DMZ (LAN and
> WAN) and enable Trust Relationship between domain at WAN and this
> server.
> My Question is:
> Can this domain Login be done if I configure the DMZ interface as DHCP
> Relay Agent pointing to the PDC? In case of Layer 3 Devices (Routers)
> this can be done by using the command ip helper-address <ip address>
> which is nothing but enabling DHCP Relay. Does this apply to a Netscreen
> also? Can you please instruct me what all is required to facilitate this
> communication. I do not want to use WINS.
>
> Regards,
> Nilanjan Sengupta
>
>
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
>
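The broadcast-versus-WINS distinction discussed in this thread, as an added example that is not part of the original messages: it builds the NetBIOS name query (RFC 1001/1002, UDP 137) a client sends in broadcast mode and in unicast mode to a name server, then checks which one can leave the client's subnet. The domain name CORP, the `<1C>` domain-controller suffix choice, and all addresses are constructed sample values.

```python
import ipaddress
import struct

NB_TYPE, IN_CLASS = 0x0020, 0x0001
FLAG_RD, FLAG_B = 0x0100, 0x0010   # recursion desired, broadcast bit (RFC 1002)

def encode_name(name, suffix=0x1C):
    """First-level encoding: 15 chars space-padded + 1 suffix byte,
    each byte split into two nibbles, each nibble added to 'A'."""
    raw = name.upper().ljust(15).encode("ascii")[:15] + bytes([suffix])
    out = bytearray()
    for b in raw:
        out += bytes([0x41 + (b >> 4), 0x41 + (b & 0x0F)])
    return b"\x20" + bytes(out) + b"\x00"      # length 32, name, root label

def build_query(name, txid, broadcast, suffix=0x1C):
    """Name query request; only the B flag differs between the two modes."""
    flags = FLAG_RD | (FLAG_B if broadcast else 0)
    header = struct.pack(">HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name, suffix) + struct.pack(">HH", NB_TYPE, IN_CLASS)

def parse_query(pkt):
    """Decode a captured name query back into its fields."""
    txid, flags = struct.unpack(">HH", pkt[:4])
    enc = pkt[13:45]                           # skip 12-byte header + length byte
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return {"txid": txid, "broadcast": bool(flags & FLAG_B),
            "name": raw[:15].decode("ascii").rstrip(), "suffix": raw[15]}

def query_can_reach(client_if, server_ip, broadcast):
    """A broadcast query is heard only inside the client's own subnet.
    A unicast query is routable (the firewall policy must still permit it)."""
    if not broadcast:
        return True
    net = ipaddress.ip_interface(client_if).network
    return ipaddress.ip_address(server_ip) in net

if __name__ == "__main__":
    client, pdc = "10.1.2.25/24", "10.1.1.10"  # constructed: DMZ client, Utility PDC
    for mode in (True, False):
        q = parse_query(build_query("CORP", 0x1234, broadcast=mode))
        print(q, "-> reaches PDC:", query_can_reach(client, pdc, mode))
```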