Codwiz51's Wiki

Checkpoint and working from a remote location with Windows XP

Modified on 2010/04/19 21:55 by codewiz51 Categorized as General
I've been working with Checkpoint VPN-1 SecuRemote NGX R60 HFA2 (Build 044).

This article describes how to join a domain remotely and how to log into your domain from the same remote machine. The processes are different. I have been able to successfully join a domain, but then I was not able to log into the domain and use its resources. If you follow these steps, you'll be able to do both successfully.

References

You'll want to read this Microsoft support article: How to write an Lmhosts file for domain validation and other name resolution issues

This article from TechRepublic is helpful, but not entirely necessary: Join a domain during Windows logon using a VPN client

This Microsoft support article applies to Windows 2000, but is helpful: Domain Browsing with TCP/IP and LMHOSTS Files

Information and files you will need before you start:
  • The DNS servers for your company domain
  • The name of the domain controller for your company domain
  • The IP address of your company domain controller
  • The IP address of the Checkpoint VPN appliance
  • The Checkpoint gateway of the network you are logging on to (may not be required)
  • Your domain logon and password MUST be the same as the Checkpoint logon and password

Discussion
  1. Before you leave work, collect the DNS servers for your work network. Execute the command ipconfig /all and copy the DNS server IP addresses.
  2. Install the Checkpoint client on your home computer according to your network administrator's documentation (you will need to reboot).
  3. Set up your network logon according to your company network administrator's documentation after you've rebooted.
  4. You will need to change the DNS servers for your home network. It is important that the DNS server for your work domain is the first DNS server on your home computer.
  5. Make sure your second DNS server is the primary DNS server for your home internet provider.
  6. Create your lmhosts file, setting the IP address of your company's domain controller.
  7. Add the domain DNS to your local DNS names using the properties of the TCP/IP driver.
  8. Run nbtstat -R to reload the cache.
  9. Connect to the Checkpoint appliance and log on per your company documentation.
  10. Join your computer to the domain, assuming you have admin privileges on the company network. If you are using a company laptop, skip this step.
  11. Modify your Checkpoint client configuration to use SDL (Secure Domain Logon).
  12. Reboot.
  13. You can delete the lmhosts file at this point, as long as your domain DNS server is the first server in your home computer's DNS list.
  14. Log on; you should see the Checkpoint SDL logon dialog.
  15. Get ready for a flurry of Checkpoint logon dialogs.
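
Step 6 is where most mistakes happen, because the domain entry in lmhosts has a strict fixed-width format. The following is an added example, not part of the original article: it builds the two entries described in the Microsoft lmhosts article referenced above. The function names, the address 192.0.2.10, and the names DC01 and CORP are constructed placeholders; the domain is the short NetBIOS domain name, not the DNS name.

```python
"""Build the LMHOSTS entries for a domain controller (step 6)."""
import ipaddress

NETBIOS_MAX = 15  # a NetBIOS name is 15 characters plus a 1-byte service type


def netbios_name(name):
    """Validate a NetBIOS name and return it upper-cased."""
    name = name.strip().upper()
    if not 1 <= len(name) <= NETBIOS_MAX:
        raise ValueError("NetBIOS name must be 1-15 characters: %r" % name)
    if any(c in name for c in '"\\/:*?<>| \t'):
        raise ValueError("illegal character in NetBIOS name: %r" % name)
    return name


def lmhosts_entries(dc_ip, dc_name, domain):
    """Return the two LMHOSTS lines that let a remote client find the DC."""
    ip = str(ipaddress.IPv4Address(dc_ip))  # rejects malformed addresses
    dc = netbios_name(dc_name)
    dom = netbios_name(domain)
    # The quoted name must be exactly 20 characters: the domain name
    # space-padded to 15, then the 5 characters \0x1b (service type 0x1B).
    quoted = f"{dom:<{NETBIOS_MAX}}\\0x1b"
    if len(quoted) != 20:
        raise ValueError("0x1b entry is not 20 characters wide")
    return [
        f"{ip}\t{dc}\t#PRE #DOM:{dom}",  # preload and tag as a DC for the domain
        f'{ip}\t"{quoted}"\t#PRE',       # preload the 0x1B domain entry
    ]


if __name__ == "__main__":
    # Constructed sample values; substitute the ones collected before you start.
    for line in lmhosts_entries("192.0.2.10", "dc01", "corp"):
        print(line)
```

Save the output as %SystemRoot%\system32\drivers\etc\lmhosts (no file extension) before running nbtstat -R in step 8. A static entry like this keeps pointing at that address until it is removed, which is a good reason to follow step 13 once DNS resolution works.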

Caveats
  1. If you have a home domain, the home domain will have to trust the work domain and vice versa. Good luck with getting that set up. Be sure to send a picture of your network admin when you tell him what you are trying to do.
  2. You will probably not be able to view computers on your home network. I tried all sorts of experiments and network settings. Nothing worked for me.
