Site-to-Site VPN with Safe@Office 225 and 110 Firewalls.

This is kind of long, and I apologize in advance for it, but it's a very perplexing problem that deserves attention and a thorough explanation.

I have a main office with a 225 appliance, and a remote office with a 110 appliance. We've created the VPN tunnel, and are connected to the main site using the tunnel just fine, but are having difficulties joining the domain at the main office.

Main Office IP Scheme

192.168.10.X CheckPoint device 10.1 as gateway and it does DHCP and is supposed to be passing DNS thru to the clients. The DC is a static 10.10 address DNS and DHCP is being handled to clients other than the server.

Remote Office IP Scheme

192.168.20.X CheckPoint device 20.1 as gateway and it does DHCP. Clients are using 20.1 as DNS servers, and can surf fine.

This I believe is totally a DNS issue. But since we can surf, DNS is actually ok, just can't join the domain. I have verified the SRV records on the DC, supplied the DNS numbers at the main site to the remote site, and can surf, but not join.

Problems are as follows:

  1. The clients cannot join the domain, nor can they authenticate to the domain, but can search for the address and can find it.

  2. At a client PC, nslookup returns no server name, and the 20.1 gateway address.

  3. Cannot ping the NetBIOS name of the server, but can ping by IP address.

If you need more information, please ask, I can answer almost anything. I've been working with this client for 2 weeks now every day, trying to resolve the problem.

Any help is appreciated, and if you made it this far, I greatly appreciate it.


Reply to

Dear Red ...

Did you specify the DNS servers in Network > Edit at the remote Safe@? Do you use a WINS server as well? Which firmware are both appliances? You can also try editing an lmhosts file on 1 PC to see if it makes any change.

If you need more assistance then register at [link] open a support ticket.

Me or one of my colleagues will assist you then.

Happy New Year! Wendy Rakovistki.

Reply to

Hello Wendy, and thanks for getting back with me... Are you an 'employee' of sofaware or checkpoint?? Just curious...

At the main site, I did specify the DNS servers that the server is using, but the server is a DNS client as well as a DNS server.

WINS is being used, and is working fine for internal name resolution, just not from the remote site.

At the remote site, it is registered, but the main site isn't yet. We were waiting to see if we had any major hurdles, and now since we've hit one, registering and subscribing to the service center will be something we do next to get the latest firmware.

I've never edited an lmhosts file, so I'm probably clueless there, but willing to do anything with some help.

Thanks for asking,


Reply to

On the Internet line setup, specify your INTERNAL DNS & WINS servers that are needed. Do not let it grab the ISP's DNS servers automatically. That should fix your problem.

If not, go over to [link] and click on Discussion Groups and you will find an active community with official SofaWare responses.

Good luck,


Reply to
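
A check for the symptom discussed in this thread, added here as an example and not written by any of the posters: it asks both resolvers for the domain controller locator SRV record that a domain join depends on. `corp.example` is a placeholder for the AD DNS domain name, which the thread does not give; the resolver addresses come from the addressing described in the first post, and `Resolve-DnsName` assumes a client with the DnsClient module (Windows 8 / Server 2012 or later).

```powershell
# Added example: compare how each resolver answers the DC locator SRV query.
# Assumption: 'corp.example' is a placeholder for the real AD DNS domain name.
$Domain = 'corp.example'

# Resolver addresses as described in the original post.
$Resolvers = [ordered]@{
    'Remote gateway (192.168.20.1)'  = '192.168.20.1'
    'Main office DC (192.168.10.10)' = '192.168.10.10'
}

# Record a Windows client looks up to find a domain controller.
$SrvName = "_ldap._tcp.dc._msdcs.$Domain"

foreach ($label in $Resolvers.Keys) {
    $server = $Resolvers[$label]
    try {
        # -DnsOnly skips NetBIOS/LLMNR so only the named DNS server is tested.
        $records = Resolve-DnsName -Name $SrvName -Type SRV -Server $server `
                       -DnsOnly -ErrorAction Stop |
                   Where-Object { $_.Type -eq 'SRV' }

        if ($records) {
            foreach ($r in $records) {
                [pscustomobject]@{
                    Resolver = $label
                    Result   = 'SRV found'
                    Target   = $r.NameTarget
                    Port     = $r.Port
                }
            }
        } else {
            [pscustomobject]@{ Resolver = $label; Result = 'No SRV records'; Target = $null; Port = $null }
        }
    } catch {
        # NXDOMAIN, timeout, or an unreachable server all end up here.
        [pscustomobject]@{
            Resolver = $label
            Result   = "Lookup failed: $($_.Exception.Message)"
            Target   = $null
            Port     = $null
        }
    }
}
```

If the DC answers with SRV records while the gateway resolver fails or returns none, the clients are asking a resolver that does not know the domain's zone, which is the situation the last reply's suggestion of specifying the internal DNS servers addresses.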