I am not sure why it is affecting ESP traffic when you turn SecureXL on, that is interesting.
>From what I understand about SecureXL and Nokia, SecureXL is the equal of flows on a Nokia so maybe turning this on is placing too many things in the stack and the double path is braking it (just guessing here) ----- Original Message ----- From: "cisco4ng" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Thursday, July 05, 2007 9:19 AM Subject: [FW-1] SecureXL and Nokia flow > Can some explain this to me? Nokia is not very clear. Here is the current > configuration on my Nokia IP380 running IPSO 4.1 build 33 with Checkpoint > NGx R61 with HFA_01. This Nokia is being managed by a Smart Center > running on a Nokia IP650 with IPSO 4.1 build 33 and Checkpoint NGx R65. > > This is what I currently have on the Nokia IP380 enforcement module: > > dca2-Nokia-1-P[admin]# ipsofwd list > net:ip:forward:noforwarding = 0 > net:ip:forward:noforwarding_author = fwstart > net:ip:forward:switch_mode = flowpath > net:ip:forwarding = 1 > dca2-Nokia-1-P[admin]# fwaccel stat > Accelerator Status : on > Templates : disabled by FireWall-1 starting from rule #2 > Accelerator Features : Accounting, NAT, Cryptography, Routing, > HasClock, Templates, VirtualDefrag, GenerateIcmp, > IdleDetection, Sequencing, TcpStateDetect, > AutoExpire, DelayedNotif, McastRouting, > WireMode > Cryptography Features : Tunnel, UDPEncapsulation, MD5, SHA1, NULL, > 3DES, DES, ESP, LinkSelection, DynamicVPN, > NatTraversal, EncRouting > dca2-Nokia-1-P[admin]# > > > Does flow "flowpath" have to be enable for SecureXL to take effect in Nokia > platforms? What happened if you have SecureXL on but turn off > flow on the Nokia? > > The reason I ask is that everytime I turn on SecureXL, it breaks ESP traffics > going through the firewall, NOT to the firewall. > > Anyone want to comment on this? Thanks. > > > > --------------------------------- > Need a vacation? Get great deals to amazing places on Yahoo! Travel. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
