Hello gurus,

We are running NG FP3 on a Nokia box managed by a win2k m/c with SP4. I found the following errors in the application event log of my management server when I tried to switch logs. My smart tracker window stopped. However, I was able to open smartdashboard, smartupdate, etc. A service start/stop also didn't help. I had to warm-boot my machine to get smartclient running.

The first one from the Application Eventlog is:

'the description for EventID(1) in source (Firewall-1) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is of the event: ps fetch: Couldn't get master from master file: The system cannot find the file specified.'

The second message is:

'FW1SVC: Fetching DT security Policy from managment failed.'

Could anyone help?

Thanks in advance...

Automatic digest processor <[EMAIL PROTECTED]> wrote:

There are 21 messages totalling 1402 lines in this issue.

Topics of the day:

  1. Dual VRRP Backup IP (2)
  2. Secure Remote, office mode
  3. SecureClient behind a NAT device (4)
  4. CPNG FP3 & W2k SP4 support?
  5. Solaris Hardening and ports 32771 - 32776 (3)
  6. Checkpoint and China (5)
  7. L2TP Configuration for NG FP3
  8. (Problem with Interfaces) Windows 2000 Advanced Server and Checkpoint FW1 v4.1 need Help
  9. VLAN Trunking not working with Intel Pro/100 NG FP3 or FP4 R54
 10. send email alerts when firewall down
 11. FW1 NG FP3 and SUN Fire v240 bge interface support

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================

----------------------------------------------------------------------

Date: Thu, 4 Dec 2003 08:46:31 +0000
From: Can2002
Subject: Re: Dual VRRP Backup IP

Thanks Reinhard,

On Wed, 03 Dec 2003 23:30:08 +0100, "Reinhard Stich" said:
>
> hi,
>
> it is possible to do what you want to do.
>
> but you have to define dedicated hosts or networks to be routed to nokiaA
> (with backup nokiaB) and those for nokiaB (with backup nokiaA).

Agreed, and in fact this is exactly why we want to do this as we have two sites to which incoming traffic is routed via VRRP and in normal circumstances we want nominated traffic to be passed to both sites. There is a WAN link between the two sites but we want to have control over what traffic traverses it.

>
> then define different NATs for these networks/hosts for different
> IP-addresses and disable auto-ARP.
>
> define proxy-ARPs for the nokiaA-IPs with the vrrp-MAC-nokiaA and the
> nokiaB-IPs with the vrrp-MAC-nokiaB. the 2 vrrps have different vrrp-MACs
> ... that's the way to define what IPs go primary over nokiaA and what IPs
> go primary over nokiaB.
>
> is that clear?

On the Nokia side, definitely. My uncertainty is how I configure this on the Firewall-1 side. I cannot see how I can configure the cluster object appropriately.

>
> cheers
> reinhard

------------------------------

Date: Thu, 4 Dec 2003 10:48:04 +0100
From: Reinhard Stich
Subject: Re: Dual VRRP Backup IP

At 09:46 04.12.2003, you wrote:
>[...]
>On the Nokia side, definitely. My uncertainty is how I configure this on
>the Firewall-1 side. I cannot see how I can configure the cluster object
>appropriately.

just as you do it normally, the only thing that is important on fw1 is the state-sync. for VPN you'll have to choose one firewall that is the primary VPN box and there you can define IP-pool-nat to avoid asymmetric routing ...

cheers
reinhard

> >
> > cheers
> > reinhard

--
Reinhard Stich, ASSIST                    [EMAIL PROTECTED]
Internet Security AG, 1150 Wien, Johnstrasse 29
Tel: +43 1 3709440    RS784-RIPE    Fax: +43 1 3709440-10

------------------------------

Date: Thu, 4 Dec 2003 13:09:41 +0100
From: Lars Troen
Subject: Re: Secure Remote, office mode

I've found this to work with Securemote AI (R54, build 132) and NG FP3 HF2. I too believe that this is rather a bug than a feature as it doesn't work with other versions.

Lars

-----Original Message-----
From: Ray P. [mailto:[EMAIL PROTECTED]
Sent: 3. desember 2003 01:58
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Secure Remote, office mode

From messages I've read, it appears Office Mode may have worked with older versions of SecuRemote/Firewall-1 NG but not with later versions. I guess this really was a bug and not a feature!

Ray

------------------------------

Date: Thu, 4 Dec 2003 07:58:53 -0500
From: "Eric Brouwer (Corporate DET)"
Subject: SecureClient behind a NAT device

Hello,

I am running NG AI on a Nokia appliance. I am installing SecureClient on our laptops. I did some testing from home last night via my cable modem. Attached to my cable modem is a 3COM Office Connect Gateway that does DHCP for my home PCs. The IP address my home traffic goes out on is 66.68.x.x. The IP I get from my gateway is 10.0.x.x.

With SC loaded, I can connect to the policy server no problem. I can also browse the internet. I can not, however, access my office network behind the firewall. If I watch the SC logs, I see encrypted traffic go to my LAN address, 38.153.x.x, but it doesn't seem to do anything. I can't map drives, access programs, etc.

I only have 3 rules set for Desktop Security:

Inbound: Any traffic from my LAN is accepted. Any other traffic is blocked.
Outbound: All traffic is accepted.

What am I missing?

Thank you,

Eric Brouwer
Director of Information Technology
Village Green Companies
P: 248.932.2775
F: 248.538.2775
[EMAIL PROTECTED]
www.villagegreen.com

------------------------------

Date: Thu, 4 Dec 2003 14:10:02 +0000
From: Robert Rutherford
Subject: Re: SecureClient behind a NAT device

Have a look through this..

http://oldfaq.phoneboy.com/fom-serve/cache/274.html

Rob

"Eric Brouwer (Corporate DET)"
Sent by: Mailing list for discussion of Firewall-1
04/12/2003 12:58
Please respond to Mailing list for discussion of Firewall-1
To [EMAIL PROTECTED]
cc
Subject [FW-1] SecureClient behind a NAT device

Hello,

I am running NG AI on a Nokia appliance. I am installing SecureClient on our laptops. I did some testing from home last night via my cable modem. Attached to my cable modem is a 3COM Office Connect Gateway that does DHCP for my home PCs. The IP address my home traffic goes out on is 66.68.x.x. The IP I get from my gateway is 10.0.x.x.

With SC loaded, I can connect to the policy server no problem. I can also browse the internet. I can not, however, access my office network behind the firewall. If I watch the SC logs, I see encrypted traffic go to my LAN address, 38.153.x.x, but it doesn't seem to do anything. I can't map drives, access programs, etc.

I only have 3 rules set for Desktop Security:

Inbound: Any traffic from my LAN is accepted. Any other traffic is blocked.
Outbound: All traffic is accepted.

What am I missing?

Thank you,

Eric Brouwer
Director of Information Technology
Village Green Companies
P: 248.932.2775
F: 248.538.2775
[EMAIL PROTECTED]
www.villagegreen.com

------------------------------

Date: Thu, 4 Dec 2003 11:38:40 -0500
From: Edward Chase
Subject: Re: CPNG FP3 & W2k SP4 support?

While our firewall is a Nokia box, our management console is W2K SP4 and we are using NG FP3. There have been no problems with our management console. This same machine is the log server.

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Nick Brandson
Sent: Wednesday, December 03, 2003 9:06 PM
To: [EMAIL PROTECTED]
Subject: [FW-1] CPNG FP3 & W2k SP4 support?

Hi guru,

Although never seen W2k SP4 is supported on the FP3 Release note... Does anyone run FP3 on W2k SP4 successfully?

thanks
Nick

------------------------------

Date: Thu, 4 Dec 2003 11:44:49 -0500
From: Edward Chase
Subject: Re: SecureClient behind a NAT device

What is the internal IP scheme of your office network? I could see issues if it is using the same 10.0.x.x scheme that your internal home network is using. If that's the case try changing your home network to a different IP scheme.

172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Eric Brouwer (Corporate DET)
Sent: Thursday, December 04, 2003 7:59 AM
To: [EMAIL PROTECTED]
Subject: [FW-1] SecureClient behind a NAT device

Hello,

I am running NG AI on a Nokia appliance. I am installing SecureClient on our laptops. I did some testing from home last night via my cable modem. Attached to my cable modem is a 3COM Office Connect Gateway that does DHCP for my home PCs. The IP address my home traffic goes out on is 66.68.x.x. The IP I get from my gateway is 10.0.x.x.

With SC loaded, I can connect to the policy server no problem. I can also browse the internet. I can not, however, access my office network behind the firewall. If I watch the SC logs, I see encrypted traffic go to my LAN address, 38.153.x.x, but it doesn't seem to do anything. I can't map drives, access programs, etc.

I only have 3 rules set for Desktop Security:

Inbound: Any traffic from my LAN is accepted. Any other traffic is blocked.
Outbound: All traffic is accepted.

What am I missing?

Thank you,

Eric Brouwer
Director of Information Technology
Village Green Companies
P: 248.932.2775
F: 248.538.2775
[EMAIL PROTECTED]
www.villagegreen.com

------------------------------

Date: Thu, 4 Dec 2003 13:19:40 -0500
From: "Hicks, Rodger"
Subject: Solaris Hardening and ports 32771 - 32776

I've hardened my Solaris box by shutting down many of the startup scripts including s71rpc, s73nfs.client, s73cachefs.daemon and s71sysid.sys and commented out ALL services in /etc/inetd.conf; however, after reboot my server keeps listening on ports 32771 thru 32776.

Any idea why? I thought these were rpc ports for services in inetd.conf. Are these Checkpoint NG ports?

thanks!!

Rodger

------------------------------

Date: Thu, 4 Dec 2003 19:16:27 +0100
From: Michael Schwartzkopff
Subject: Checkpoint and China

Hi,

one of our customers is planning to send some managers to China. On their laptops SecuRemote is installed. Does anybody know about the cryptolaw situation in China? Is it allowed to use SecuRemote with 3DES in China?

Thanks for your valued comments.

Michael Schwartzkopff

------------------------------

Date: Thu, 4 Dec 2003 14:13:10 -0400
From: Joseph CharlesWalcott
Subject: L2TP Configuration for NG FP3

Hello,

I'd like any assistance/recommendations that I can get to resolve a problem with configuring NG FP3 HF2 to connect via VPN to a Windows 2003 Server using L2TP.

I used the configuration I got from the secureknowledge website:
http://support.checkpoint.com/kb/docs/public/vpn1/ng/pdf/L2TP_GW.pdf

=== message truncated ===
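
Added example, not part of the digest and not code from any poster or from Check Point: Edward Chase's reply in the "SecureClient behind a NAT device" thread suspects that the home LAN and the office network share the same private range. The Python code below checks a remote client's local subnet against a VPN encryption domain for that overlap and proposes a free RFC 1918 subnet. All subnet masks and sample networks are assumptions; the thread only gives 10.0.x.x and 38.153.x.x.

```python
import ipaddress

# RFC 1918 private blocks; the reply lists the last two as alternatives to 10/8.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def find_overlaps(local_lan, encryption_domain):
    """Return the encryption-domain networks that overlap the client's LAN."""
    lan = ipaddress.ip_network(local_lan, strict=False)
    return [str(net) for net in map(ipaddress.ip_network, encryption_domain)
            if net.overlaps(lan)]


def classify_destination(dest, local_lan, encryption_domain):
    """Say where a packet to `dest` belongs from the remote client's view."""
    ip = ipaddress.ip_address(dest)
    in_lan = ip in ipaddress.ip_network(local_lan, strict=False)
    in_vpn = any(ip in ipaddress.ip_network(n) for n in encryption_domain)
    if in_lan and in_vpn:
        return "ambiguous"   # same address is both "at home" and "at the office"
    if in_vpn:
        return "tunnel"
    return "local" if in_lan else "internet"


def suggest_home_subnet(encryption_domain, prefixlen=24):
    """First RFC 1918 subnet of the given size clear of the encryption domain."""
    domain = [ipaddress.ip_network(n) for n in encryption_domain]
    # Try 192.168/16 first, then 172.16/12, then 10/8.
    for block in reversed(RFC1918):
        for candidate in block.subnets(new_prefix=prefixlen):
            if not any(candidate.overlaps(d) for d in domain):
                return str(candidate)
    return None


if __name__ == "__main__":
    home = "10.0.1.0/24"            # constructed: a 10.0.x.x home LAN
    office_same = ["10.0.0.0/16"]   # constructed: the conflict the reply asks about
    office_pub = ["38.153.0.0/16"]  # constructed mask on the 38.153.x.x office LAN

    print(find_overlaps(home, office_same))                       # conflict
    print(find_overlaps(home, office_pub))                        # no conflict
    print(classify_destination("10.0.1.20", home, office_same))
    print(suggest_home_subnet(office_same))
```

With the 38.153.x.x office addressing reported in the original question the overlap list is empty, so renumbering the home LAN is only relevant if the office encryption domain also contains 10.0.x.x networks.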
