Yeah, that's what I thought but it didn't work. I made some more changes today and they did not take effect until I oushed the policy. Must do something with re-reading the file or something.
I did test changing the one on the management server and confirmed that it does NOT get moved to the enforcement module when a policy is pushed.
Ray Pesek, CISSP
From: "Huenten Andreas (MGI DCS)" <[EMAIL PROTECTED]> Reply-To: Mailing list for discussion of Firewall-1 <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: [FW-1] ipassignment.conf - Here's the trick Date: Fri, 30 Jan 2004 08:10:10 +0100
... you don't need to install the security policy because this file is installed on the module not on the management !
-----Original Message----- From: Ray Pesek [mailto:[EMAIL PROTECTED] Sent: Freitag, 30. Januar 2004 03:07 To: [EMAIL PROTECTED] Subject: Re: [FW-1] ipassignment.conf - Here's the trick
And the trick is .....
Push the security policy after editing ipassignment.conf
Ray Pesek, CISSP
>From: Ray Pesek <[EMAIL PROTECTED]> >Reply-To: Mailing list for discussion of Firewall-1 ><[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: [FW-1] ipassignment.conf - What's the trick? >Date: Thu, 29 Jan 2004 16:14:20 -0500 > >Hi, > >I'm trying to use the ipassignment.conf file on R55 in $FWDIR/conf on >the enforcement module to assign particular users a discrete Office >Mode IP address. Everyone authenticates by certificate against the Check Point ICA. > >I've tried about every syntax permutation I can think of but the file >just doesn't do anything. The "vpn ipafile_check ipassignment.conf >detail" check shows no errors. I even copied and pasted the certificate >CN= thing out of the certificate "view" and it won't work. > >Ray Pesek, CISSP > >_________________________________________________________________ >Find high-speed 'net deals - comparison-shop your local providers here. >https://broadband.msn.com > >================================================= >To set vacation, Out-Of-Office, or away messages, send an email to >[EMAIL PROTECTED] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your subscription options, >email [EMAIL PROTECTED] >=================================================
_________________________________________________________________ Check out the new MSN 9 Dial-up - fast & reliable Internet access with prime features! http://join.msn.com/?pgmarket=en-us&page=dialup/home&ST=1
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
_________________________________________________________________ Check out the coupons and bargains on MSN Offers! http://shopping.msn.com/softcontent/softcontent.aspx?scmId=1418
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
