Tuesday, January 18, 2011

How to give SecuRemote clients access to an internal DNS server for name resolution

Modify the $FWDIR/conf/dnsinfo.C file on the Management Station to redirect DNS by providing the following information:

         the internal DNS server's IP address
         the domain for which it resolves names
         the maximum number of labels to resolve (for example, 3 for xxx.hello.com). Suppose the SecuRemote Client's domain is .hello.com and it fails to resolve yyy.goodbye.com. By default, Windows will then try to resolve yyy.goodbye.com.hello.com, and you will probably not want this query to be encrypted.
         the network addresses for which it resolves (for reverse DNS)

In $FWDIR/conf/dnsinfo.C, set :encrypt_dns (true) under :dnsinfo.

Instruct the gateway to encrypt DNS by changing the definition of USERC_DECRYPT_SRC in crypt.def.

Reinstall the Security Policy on the gateway so that these changes take effect.

On the SecuRemote Client, set :dns_encrypt (true) under :options in database\userc.C.
Note – :dns_encrypt (true) is the default in VPN-1/FireWall-1 Version 4.1 and higher.
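To make the dnsinfo.C fields concrete, here is an added Python model (not Check Point's code and not part of the original post) of the split-DNS decision the steps above configure. It embeds a constructed dnsinfo.C, parses its :key (value) syntax, and decides for a given query whether it should go through the tunnel to the internal DNS server. The file layout, the field names, and the matching rules (the name lies in the configured domain and has no more labels than :labels; a reverse lookup falls inside one of the :networks) are assumptions for illustration, chosen to match the behaviour the post describes: xxx.hello.com is tunnelled, while yyy.goodbye.com.hello.com, the name Windows builds by appending the search suffix, is not.

```python
"""Model of the split-DNS decision for SecuRemote, built on a constructed dnsinfo.C.

Assumed for this example: the file layout, the field names and the matching
rules below. None of it is taken from the product; it mirrors the post's text.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample dnsinfo.C (layout assumed for this example).
SAMPLE_DNSINFO = """
(
  :dnsinfo (
    :encrypt_dns (true)
    : (
      :ipaddr (10.1.1.53)
      :domain (hello.com)
      :labels (3)
      :networks (
        : (10.1.0.0 255.255.0.0)
      )
    )
  )
)
"""


@dataclass
class DnsServer:
    ipaddr: str       # internal DNS server the tunnel forwards queries to
    domain: str       # domain for which it resolves names
    labels: int       # maximum number of labels in a name sent to it
    networks: list    # address ranges it answers reverse (PTR) lookups for


@dataclass
class DnsInfo:
    encrypt_dns: bool
    servers: list


def tokenize(text):
    """Split the ':key (value)' syntax into parentheses and bare words."""
    return re.findall(r"\(|\)|[^\s()]+", text)


def parse(tokens, pos=0):
    """Parse one parenthesised block; a ':key' token introduces a nested block."""
    if tokens[pos] != "(":
        raise ValueError("expected '(' at token %d" % pos)
    pos += 1
    items = []
    while tokens[pos] != ")":
        tok = tokens[pos]
        if tok.startswith(":"):
            value, pos = parse(tokens, pos + 1)
            items.append((tok[1:], value))      # anonymous ': (...)' entries get key ""
        else:
            items.append(tok)
            pos += 1
    return items, pos + 1


def load_dnsinfo(text):
    """Turn the parsed tree into a DnsInfo with one DnsServer per ': (...)' block."""
    tree, _ = parse(tokenize(text))
    body = dict(tree)["dnsinfo"]
    encrypt = False
    servers = []
    for key, value in body:
        if key == "encrypt_dns":
            encrypt = value[0] == "true"
        elif key == "":
            fields = dict(value)
            servers.append(DnsServer(
                ipaddr=fields["ipaddr"][0],
                domain=fields["domain"][0].strip(".").lower(),
                labels=int(fields["labels"][0]),
                networks=[ipaddress.ip_network("%s/%s" % (net, mask))
                          for _, (net, mask) in fields["networks"]],
            ))
    return DnsInfo(encrypt, servers)


def tunnel_for_query(info, name):
    """Internal DNS server to use for a forward lookup of 'name', or None if the
    query should go to the client's ordinary resolver in the clear."""
    if not info.encrypt_dns:
        return None
    fqdn = name.strip(".").lower()
    for srv in info.servers:
        in_domain = fqdn == srv.domain or fqdn.endswith("." + srv.domain)
        if in_domain and fqdn.count(".") + 1 <= srv.labels:
            return srv.ipaddr
    return None


def tunnel_for_reverse(info, address):
    """Same decision for a reverse (PTR) lookup of an IP address."""
    if not info.encrypt_dns:
        return None
    ip = ipaddress.ip_address(address)
    for srv in info.servers:
        if any(ip in net for net in srv.networks):
            return srv.ipaddr
    return None


if __name__ == "__main__":
    info = load_dnsinfo(SAMPLE_DNSINFO)
    for q in ["xxx.hello.com", "yyy.goodbye.com", "yyy.goodbye.com.hello.com"]:
        print(q, "->", tunnel_for_query(info, q))
    print("10.1.7.9 ->", tunnel_for_reverse(info, "10.1.7.9"))
```

The label limit is what keeps the suffix-appended name out of the tunnel: yyy.goodbye.com.hello.com ends in hello.com but has five labels, so with :labels (3) it is left to the client's normal resolver, exactly the outcome the post says you want.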
