I wasn't sure which forum to post this in, and am hoping this is an OK place to start. Recently I changed positions, taking over the admin. of a small network that is Novell-based. Prior to this I had no Novell experience, and am trying to get up to speed as quickly as possible while fighting the day-to-day fires. However, to this point my knowledge of Novell continues to be considerably lacking. The network has 6 Novell servers and 6 Windows servers. The clients are predominantly Windows XP Pro with some Windows 2000 Pro systems. My firewall is BorderManager 3.7 with Support Pack 2. I have implemented a Windows-based DNS server internally, as I was not able to get the DNS/DHCP tool to connect to the Novell DNS server. I have pointed the clients to the internal Windows DNS server, and they are resolving URLs fine. I built a new desktop for a user this afternoon, and am trying to reach the internet on the new system. I can resolve IP addresses from URL names, but I cannot get beyond the firewall in terms of the connection itself. As I have continued to work on trying to find the problem, I am now seeing the same thing happen on other client systems. I know that I also have a ZENworks server on the network, but again, I am not yet familiar with its configuration, management techniques, etc. My questions are these:
Does a workstation have to be entered into eDirectory in order to get internet access through a BM firewall (I have not had this problem when building new systems previously)?
I am assuming that ZENworks can be playing a role here; can anyone give me an idea of what to look for with regard to ZENworks?
Any other ideas?
Any and all help is greatly appreciated.
November 19th, 2004, 02:43 PM
I'm no BM guru, so I will go to the most obvious possibility first. Is it possible that when you connected the new workstation you went over your license count? Potentially passing the buck on who can't get access? I would also look at the Access list features of BorderManager and make sure that the IP address bound to the clients is listed as acceptable traffic. Is it possible that you created a DHCP scope outside the range of IP addresses allowed to connect to the firewall based on its current config?
November 19th, 2004, 03:06 PM
Thanks for your response. :) I was wondering about the license issue as well, and I admit there are some license issues on the network that I need to address. However, as I have continued to dig, I have spoken with our local Novell support consultant, and he is informing me that the persons who are "in the know" on this product are finding that it is having trouble managing stateful inspection filters. Supposedly the more stateful filters you have set up on the firewall, the quicker the performance will eventually degrade. Sounds kind of crazy to me that that would be the issue, but I did add another rule to my firewall Monday afternoon, and it was Tues. AM that things started to go belly up, so maybe there is some credence to this. The concerning thing to me is, if this thing can't consistently do stateful packet inspection, it is of little use to me. The consultant is suggesting changing the "lower priority" rules to a stateless inspection configuration, which I do not want to do. I am seriously considering moving to another product to take this headache away once and for all. Again, thanks for your help and ideas. I wanted to pass this information along to see if anyone else has heard of this being a problem with BM?