Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 2 subscribers
  • Views 1927 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Workstations behind RED 10

Marc M
Hello All,

    I have a curious situation, I have a ASG in the same network of my active directory domain controller, and in another site i have one RED 10 that make the comunication with my HQ.

    Ok, the situation is that the workstations behind of the RED 10 cannot be joinned to the ad domain, using the normal way (computer properties / change settings / inform the domain / put the admin credentials / etc..) because I got the error below.

    The only way to join the machines to domain is use the LMHOSTS to the windows xp computers and the djoin.exe to the windows 7 computers.

    Below additional informations about the environment:

- The DHCP of the computers behind the RED 10 is the RED, and the DNS Server configured is the Active Directory;

- ASG have a DNS Requesting routing to the domain.local to the AD server;

- Through nslookup the computers behind the red can resolve the domain.local and internet domains correctly.

- The shares are accessible between the both networks.

- Packetfilter have rules allowing any protocol between the asg -> red -> asg. 

Thank you in advance.

Marc


This thread was automatically locked due to age.
  • 0
    If you have IPS and/or Application Control enabled, check for false positives being triggered --- I'd especially have a look at the IPS.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0
    If you don't find anything in the Intrusion Prevention log, you might check to see if the latency introduced by the RED tunnel is causing the AD to abandon the join attempts.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    Hi BrucekConvergent and BAlfson, thank you by the answers.

    But both of suggestions is not applicable because the IPS is disable and the latency is not the problem because after join the machines using lmhosts for xp and djoin.exe for w7 the computers can be logged in the domain and very fast....

    Its really a very strange situation but is what is happen ..  :-(

    Thanks in advance if you think in another thing.

    thx
  • 0
    Since this is a commercial installation, you must have Astaro/Sophos support - please have your reseller submit a support ticket so that the developers can look at this issue - this should work.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Cookie Information Banner