Re: [FW-1] FW-1-MAILINGLIST Digest - 11 Mar 2009 to 12 Mar 2009 (#2009-43)

[Eli Faskha]

Creo


Eli Faskha
Soluciones Seguras
+507-6678-2006

-----Original Message-----
From: FW-1-MAILINGLIST automatic digest system 
<lists...@amadeus.us.checkpoint.com>

Date:     Fri, 13 Mar 2009 00:00:20 
To: <FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM>
Subject: FW-1-MAILINGLIST Digest - 11 Mar 2009 to 12 Mar 2009 (#2009-43)


There are 11 messages totalling 1361 lines in this issue.

Topics of the day:

  1. Release date for R70 (9)
  2. Secure Web Server Access with NGX
  3. Malformed ssl packet

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ow...@ts.checkpoint.com
=================================================

----------------------------------------------------------------------

Date:    Thu, 12 Mar 2009 15:45:09 +0100
From:    Tobias Lachmann <tobias.lachm...@mcs.de>
Subject: Re: Release date for R70

 >I just seen it ... but I am reading Release notes and I don't see 
anything about new type of licenses.
 >Can I use my NGX r65 licenses on R70 or do I need to upgrade??

You can upgrade to R70 and stay with your old SKU .
Only if you want to use features like IPS blade or
blade portability you have to change to R70 licensing.
It looks like this is only possible through func-upgrade.

 >And another question: linux isn't supported as a security gateway now 
under R70, correct??

correct. use SecurePlatform instead.

tobias



Scanned by Check Point Total Security Gateway.

Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ow...@ts.checkpoint.com
=================================================

------------------------------

Date:    Thu, 12 Mar 2009 09:34:03 -0600
From:    Sergio Alvarez <seral...@gmail.com>
Subject: Re: Release date for R70

Well, what about SmartDefense?

You say it is necessary to use R70 licensing for the IPS blade, but I was
under the impression IPS blade was going replace SmartDefense, so what you
are saying is if I upgrade to R70, but don't go thorugh a Func Upgrade, I
won't have a built-in IPS anymore?

Regards

On Thu, Mar 12, 2009 at 8:45 AM, Tobias Lachmann <tobias.lachm...@mcs.de>wrote:

> >I just seen it ... but I am reading Release notes and I don't see anything
> about new type of licenses.
> >Can I use my NGX r65 licenses on R70 or do I need to upgrade??
>
> You can upgrade to R70 and stay with your old SKU .
> Only if you want to use features like IPS blade or
> blade portability you have to change to R70 licensing.
> It looks like this is only possible through func-upgrade.
>
> >And another question: linux isn't supported as a security gateway now
> under R70, correct??
>
> correct. use SecurePlatform instead.
>
> tobias
>
>
>
>
> Scanned by Check Point Total Security Gateway.
>
> Scanned by Check Point Total Security Gateway.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to lists...@amadeus.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-ow...@ts.checkpoint.com
> =================================================
>



-- 
Sergio Alvarez
+(506)88301342


Scanned by Check Point Total Security Gateway.


Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ow...@ts.checkpoint.com
=================================================

------------------------------

Date:    Thu, 12 Mar 2009 17:58:49 +0100
From:    Tobias Lachmann <tobias.lachm...@mcs.de>
Subject: Re: Release date for R70

Yes, that's correct.

The IPS software blade needs the new R70 license.
SmartDefense license will only work on R65 with R65 license.
And new SmartDefense can only be bought till 31.12.2009
as it is on the old pricelist.

As for the various long-term license as UTM-1 TS3,
I think SmartDefense will be available for you
since you stick with R65 (which is supported till March 2011).

But renewals can't be bought, you have to move to R70
and IPS blade instead.




Sergio Alvarez schrieb:
> Well, what about SmartDefense?
>
> You say it is necessary to use R70 licensing for the IPS blade, but I was
> under the impression IPS blade was going replace SmartDefense, so what you
> are saying is if I upgrade to R70, but don't go thorugh a Func Upgrade, I
> won't have a built-in IPS anymore?
>
> Regards


Scanned by Check Point Total Security Gateway.

Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ow...@ts.checkpoint.com
=================================================

------------------------------

Date:    Thu, 12 Mar 2009 10:47:40 -0700
From:    Gary Scott <accesslimi...@yahoo.com>
Subject: Re: Release date for R70

They are calling SD IPS now. Just did an upgrade from R65, went well...knock on 
wood. I can not speak for the IPS blades, haven't got my hands on any yet. 

-GS




________________________________
From: Sergio Alvarez <seral...@gmail.com>
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Sent: Thursday, March 12, 2009 11:34:03 AM
Subject: Re: [FW-1] Release date for R70

Well, what about SmartDefense?

You say it is necessary to use R70 licensing for the IPS blade, but I was
under the impression IPS blade was going replace SmartDefense, so what you
are saying is if I upgrade to R70, but don't go thorugh a Func Upgrade, I
won't have a built-in IPS anymore?

Regards

On Thu, Mar 12, 2009 at 8:45 AM, Tobias Lachmann <tobias.lachm...@mcs.de>wrote:

> >I just seen it ... but I am reading Release notes and I don't see anything
> about new type of licenses.
> >Can I use my NGX r65 licenses on R70 or do I need to upgrade??
>
> You can upgrade to R70 and stay with your old SKU .
> Only if you want to use features like IPS blade or
> blade portability you have to change to R70 licensing.
> It looks like this is only possible through func-upgrade.
>
> >And another question: linux isn't supported as a security gateway now
> under R70, correct??
>
> correct. use SecurePlatform instead.
>
> tobias
>
>
>
>
> Scanned by Check Point Total Security Gateway.
>
> Scanned by Check Point Total Security Gateway.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to lists...@amadeus.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-ow...@ts.checkpoint.com
> =================================================
>



-- 
Sergio Alvarez
+(506)88301342


Scanned by Check Point Total Security Gateway.


Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ow...@ts.checkpoint.com
=================================================



      

Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ow...@ts.checkpoint.com
=================================================

------------------------------

Date:    Thu, 12 Mar 2009 14:33:17 -0500
From:    John Lindblom <jlindb...@mico.com>
Subject: Secure Web Server Access with NGX

I'm currently running NGX R65 with SecureClient VPN access for remote and 
mobile employees.  We are looking at making a couple of web based 
applications available to customers and some employees with very low 
volume so I'm trying to determine what I can and can't do with the 
Checkpoint NGX R65 to secure these web server.  It appears Reverse Proxies 
are the most common for this type of security for the web servers. 

Can the NGX R65 firewall provide the security for these web server?  I was 
looking at the built in Clientless VPN capabilites to possibly handle this 
but the little information I can find on this is not clear.  I would like 
to avoid adding an additional piece of equipment if necessary considering 
the small number of connections we will have to these servers.  If a 
Reverse Proxy is the best route any recommendations?

John

------------------------
The information contained in this email and any attachments may contain 
confidential, proprietary, business sensitive, privileged or controlled 
information. If you are not the intended recipient, any disclosure, 
dissemination, distribution, duplication or other unauthorized use of the 
information contained in this email or any attachment is strictly 
prohibited. Unauthorized interception of this e-mail is a violation of 
law. If you are not the intended recipient, please notify the sender by 
reply email and immediately and permanently delete this mail and any 
attachments and any copies of them.

Technical data and/or information provided in this email or any attachment 
may be subject to U.S. export control laws. Export, re-export, diversion 
or disclosure contrary to U.S. law is prohibited. It is your 
responsibility to check this email and any attachments for viruses or 
other harmful code before opening or forwarding.
------------------------


Scanned by Check Point Total Security Gateway.


Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ow...@ts.checkpoint.com
=================================================

------------------------------

Date:    Thu, 12 Mar 2009 13:40:59 -0600
From:    Sergio Alvarez <seral...@gmail.com>
Subject: Re: Release date for R70

Hey Gary, do you have a valid SmartDefense subscription? If so, have you
tried updating the IPS since the upgrade?

I'm trying to figure out if a customer with R65 and an SD subscription valid
until Jan 2010 will be able to upgrade to R70 in a near date, or if he will
have to wait until January to do the upgrade and still be able to have an up
to date IPS.

Maybe someone else in the list has an answer for that.

Regards


On Thu, Mar 12, 2009 at 11:47 AM, Gary Scott <accesslimi...@yahoo.com>wrote:

> They are calling SD IPS now. Just did an upgrade from R65, went
> well...knock on wood. I can not speak for the IPS blades, haven't got my
> hands on any yet.
>
> -GS
>
>
>
>
> ________________________________
> From: Sergio Alvarez <seral...@gmail.com>
> To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
> Sent: Thursday, March 12, 2009 11:34:03 AM
> Subject: Re: [FW-1] Release date for R70
>
> Well, what about SmartDefense?
>
> You say it is necessary to use R70 licensing for the IPS blade, but I was
> under the impression IPS blade was going replace SmartDefense, so what you
> are saying is if I upgrade to R70, but don't go thorugh a Func Upgrade, I
> won't have a built-in IPS anymore?
>
> Regards
>
> On Thu, Mar 12, 2009 at 8:45 AM, Tobias Lachmann <tobias.lachm...@mcs.de
> >wrote:
>
> > >I just seen it ... but I am reading Release notes and I don't see
> anything
> > about new type of licenses.
> > >Can I use my NGX r65 licenses on R70 or do I need to upgrade??
> >
> > You can upgrade to R70 and stay with your old SKU .
> > Only if you want to use features like IPS blade or
> > blade portability you have to change to R70 licensing.
> > It looks like this is only possible through func-upgrade.
> >
> > >And another question: linux isn't supported as a security gateway now
> > under R70, correct??
> >
> > correct. use SecurePlatform instead.
> >
> > tobias
> >
> >
> >
> >
> > Scanned by Check Point Total Security Gateway.
> >
> > Scanned by Check Point Total Security Gateway.
> >
> > =================================================
> > To set vacation, Out-Of-Office, or away messages,
> > send an email to lists...@amadeus.us.checkpoint.com
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > fw-1-ow...@ts.checkpoint.com
> > =================================================
> >
>
>
>
> --
> Sergio Alvarez
> +(506)88301342
>
>
> Scanned by Check Point Total Security Gateway.
>
>
> Scanned by Check Point Total Security Gateway.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to lists...@amadeus.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-ow...@ts.checkpoint.com
> =================================================
>
>
>
>
>
> Scanned by Check Point Total Security Gateway.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to lists...@amadeus.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-ow...@ts.checkpoint.com
> =================================================
>



-- 
Sergio Alvarez
+(506)88301342


Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ow...@ts.checkpoint.com
=================================================

------------------------------

Date:    Thu, 12 Mar 2009 21:13:28 +0100
From:    Reinhard Stich <r.st...@internet-security.at>
Subject: Re: Release date for R70

At 20:40 12.03.2009, you wrote:
>Hey Gary, do you have a valid SmartDefense subscription? If so, have you
>tried updating the IPS since the upgrade?

if you have a valid SD subscription you should have IPS with R70

br

-- 
Reinhard Stich          r.st...@internet-security.at
Internet Security AG, 1100 Wien, Wienerbergstrasse 9
Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333 


Scanned by Check Point Total Security Gateway.

Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ow...@ts.checkpoint.com
=================================================

------------------------------

Date:    Thu, 12 Mar 2009 14:05:49 -0700
From:    Gary Scott <accesslimi...@yahoo.com>
Subject: Re: Release date for R70

Yes and yes. Updated to version 632090310 with no issues seen.

-GS




________________________________
From: Sergio Alvarez <seral...@gmail.com>
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Sent: Thursday, March 12, 2009 3:40:59 PM
Subject: Re: [FW-1] Release date for R70

Hey Gary, do you have a valid SmartDefense subscription? If so, have you
tried updating the IPS since the upgrade?

I'm trying to figure out if a customer with R65 and an SD subscription valid
until Jan 2010 will be able to upgrade to R70 in a near date, or if he will
have to wait until January to do the upgrade and still be able to have an up
to date IPS.

Maybe someone else in the list has an answer for that.

Regards


On Thu, Mar 12, 2009 at 11:47 AM, Gary Scott <accesslimi...@yahoo.com>wrote:

> They are calling SD IPS now. Just did an upgrade from R65, went
> well...knock on wood. I can not speak for the IPS blades, haven't got my
> hands on any yet.
>
> -GS
>
>
>
>
> ________________________________
> From: Sergio Alvarez <seral...@gmail.com>
> To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
> Sent: Thursday, March 12, 2009 11:34:03 AM
> Subject: Re: [FW-1] Release date for R70
>
> Well, what about SmartDefense?
>
> You say it is necessary to use R70 licensing for the IPS blade, but I was
> under the impression IPS blade was going replace SmartDefense, so what you
> are saying is if I upgrade to R70, but don't go thorugh a Func Upgrade, I
> won't have a built-in IPS anymore?
>
> Regards
>
> On Thu, Mar 12, 2009 at 8:45 AM, Tobias Lachmann <tobias.lachm...@mcs.de
> >wrote:
>
> > >I just seen it ... but I am reading Release notes and I don't see
> anything
> > about new type of licenses.
> > >Can I use my NGX r65 licenses on R70 or do I need to upgrade??
> >
> > You can upgrade to R70 and stay with your old SKU .
> > Only if you want to use features like IPS blade or
> > blade portability you have to change to R70 licensing.
> > It looks like this is only possible through func-upgrade.
> >
> > >And another question: linux isn't supported as a security gateway now
> > under R70, correct??
> >
> > correct. use SecurePlatform instead.
> >
> > tobias
> >
> >
> >
> >
> > Scanned by Check Point Total Security Gateway.
> >
> > Scanned by Check Point Total Security Gateway.
> >
> > =================================================
> > To set vacation, Out-Of-Office, or away messages,
> > send an email to lists...@amadeus.us.checkpoint.com
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > fw-1-ow...@ts.checkpoint.com
> > =================================================
> >
>
>
>
> --
> Sergio Alvarez
> +(506)88301342
>
>
> Scanned by Check Point Total Security Gateway.
>
>
> Scanned by Check Point Total Security Gateway.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to lists...@amadeus.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-ow...@ts.checkpoint.com
> =================================================
>
>
>
>
>
> Scanned by Check Point Total Security Gateway.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to lists...@amadeus.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-ow...@ts.checkpoint.com
> =================================================
>



-- 
Sergio Alvarez
+(506)88301342


Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ow...@ts.checkpoint.com
=================================================



      

Scanned by Check Point Total Security Gateway.


Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ow...@ts.checkpoint.com
=================================================

------------------------------

Date:    Thu, 12 Mar 2009 15:08:07 -0600
From:    Sergio Alvarez <seral...@gmail.com>
Subject: Re: Release date for R70

Hello Reinhard,

Well I got concerned after reading what Tobias wrote earlier on this same
thread:

"The IPS software blade needs the new R70 license.
SmartDefense license will only work on R65 with R65 license.
And new SmartDefense can only be bought till 31.12.2009
as it is on the old pricelist.
As for the various long-term license as UTM-1 TS3,
I think SmartDefense will be available for you
since you stick with R65"

I don't know what you think, but after reading that, sounds to me like if
you have a long term subscription for SD, it makes no sense upgrading to R70
until that subscription expires.

Regards

On Thu, Mar 12, 2009 at 2:13 PM, Reinhard Stich <
r.st...@internet-security.at> wrote:

> At 20:40 12.03.2009, you wrote:
>
>> Hey Gary, do you have a valid SmartDefense subscription? If so, have you
>> tried updating the IPS since the upgrade?
>>
>
> if you have a valid SD subscription you should have IPS with R70
>
> br
>
> --
> Reinhard Stich          r.st...@internet-security.at
> Internet Security AG, 1100 Wien, Wienerbergstrasse 9
> Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333
>
> Scanned by Check Point Total Security Gateway.
>
> Scanned by Check Point Total Security Gateway.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to lists...@amadeus.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-ow...@ts.checkpoint.com
> =================================================
>



-- 
Sergio Alvarez
+(506)88301342


Scanned by Check Point Total Security Gateway.


Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ow...@ts.checkpoint.com
=================================================

------------------------------

Date:    Thu, 12 Mar 2009 15:19:39 -0600
From:    Sergio Alvarez <seral...@gmail.com>
Subject: Re: Release date for R70

Alright Gary. Thanks a lot for your reply.

On Thu, Mar 12, 2009 at 3:05 PM, Gary Scott <accesslimi...@yahoo.com> wrote:

> Yes and yes. Updated to version 632090310 with no issues seen.
>
> -GS
>
>
>
>
> ________________________________
> From: Sergio Alvarez <seral...@gmail.com>
> To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
> Sent: Thursday, March 12, 2009 3:40:59 PM
> Subject: Re: [FW-1] Release date for R70
>
> Hey Gary, do you have a valid SmartDefense subscription? If so, have you
> tried updating the IPS since the upgrade?
>
> I'm trying to figure out if a customer with R65 and an SD subscription
> valid
> until Jan 2010 will be able to upgrade to R70 in a near date, or if he will
> have to wait until January to do the upgrade and still be able to have an
> up
> to date IPS.
>
> Maybe someone else in the list has an answer for that.
>
> Regards
>
>
> On Thu, Mar 12, 2009 at 11:47 AM, Gary Scott <accesslimi...@yahoo.com
> >wrote:
>
> > They are calling SD IPS now. Just did an upgrade from R65, went
> > well...knock on wood. I can not speak for the IPS blades, haven't got my
> > hands on any yet.
> >
> > -GS
> >
> >
> >
> >
> > ________________________________
> > From: Sergio Alvarez <seral...@gmail.com>
> > To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
> > Sent: Thursday, March 12, 2009 11:34:03 AM
> > Subject: Re: [FW-1] Release date for R70
> >
> > Well, what about SmartDefense?
> >
> > You say it is necessary to use R70 licensing for the IPS blade, but I was
> > under the impression IPS blade was going replace SmartDefense, so what
> you
> > are saying is if I upgrade to R70, but don't go thorugh a Func Upgrade, I
> > won't have a built-in IPS anymore?
> >
> > Regards
> >
> > On Thu, Mar 12, 2009 at 8:45 AM, Tobias Lachmann <tobias.lachm...@mcs.de
> > >wrote:
> >
> > > >I just seen it ... but I am reading Release notes and I don't see
> > anything
> > > about new type of licenses.
> > > >Can I use my NGX r65 licenses on R70 or do I need to upgrade??
> > >
> > > You can upgrade to R70 and stay with your old SKU .
> > > Only if you want to use features like IPS blade or
> > > blade portability you have to change to R70 licensing.
> > > It looks like this is only possible through func-upgrade.
> > >
> > > >And another question: linux isn't supported as a security gateway now
> > > under R70, correct??
> > >
> > > correct. use SecurePlatform instead.
> > >
> > > tobias
> > >
> > >
> > >
> > >
> > > Scanned by Check Point Total Security Gateway.
> > >
> > > Scanned by Check Point Total Security Gateway.
> > >
> > > =================================================
> > > To set vacation, Out-Of-Office, or away messages,
> > > send an email to lists...@amadeus.us.checkpoint.com
> > > in the BODY of the email add:
> > > set fw-1-mailinglist nomail
> > > =================================================
> > > To unsubscribe from this mailing list,
> > > please see the instructions at
> > > http://www.checkpoint.com/services/mailing.html
> > > =================================================
> > > If you have any questions on how to change your
> > > subscription options, email
> > > fw-1-ow...@ts.checkpoint.com
> > > =================================================
> > >
> >
> >
> >
> > --
> > Sergio Alvarez
> > +(506)88301342
> >
> >
> > Scanned by Check Point Total Security Gateway.
> >
> >
> > Scanned by Check Point Total Security Gateway.
> >
> > =================================================
> > To set vacation, Out-Of-Office, or away messages,
> > send an email to lists...@amadeus.us.checkpoint.com
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > fw-1-ow...@ts.checkpoint.com
> > =================================================
> >
> >
> >
> >
> >
> > Scanned by Check Point Total Security Gateway.
> >
> > =================================================
> > To set vacation, Out-Of-Office, or away messages,
> > send an email to lists...@amadeus.us.checkpoint.com
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > fw-1-ow...@ts.checkpoint.com
> > =================================================
> >
>
>
>
> --
> Sergio Alvarez
> +(506)88301342
>
>
> Scanned by Check Point Total Security Gateway.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to lists...@amadeus.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-ow...@ts.checkpoint.com
> =================================================
>
>
>
>
>
> Scanned by Check Point Total Security Gateway.
>
>
> Scanned by Check Point Total Security Gateway.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to lists...@amadeus.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-ow...@ts.checkpoint.com
> =================================================
>



-- 
Sergio Alvarez
+(506)88301342

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ow...@ts.checkpoint.com
=================================================

------------------------------

Date:    Thu, 12 Mar 2009 22:25:29 -0700
From:    Shiroma Dassanayake <nilshiro2...@yahoo.com>
Subject: Re: Malformed ssl packet

Hi Little Lun
=C2=A0
Thanks for your suggestion. However, blocking SSL null pointer didn't work.=
 Changing "SSL enforcement" under VPN protocols to "Monitor only" worked. T=
he error is still displayed, but as the protection is set to "Monitor only"=
 the packets are not dropped.
=C2=A0
Regards
Shiroma=C2=A0=20

--- On Wed, 3/11/09, Little Lun <genius_geniu...@yahoo.com.hk> wrote:

From: Little Lun <genius_geniu...@yahoo.com.hk>
Subject: Re: [FW-1] Malformed ssl packet
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Date: Wednesday, March 11, 2009, 7:04 PM

Hi Shiroma,

Is it block by Smart Defense ?
Does any log show in the SmartView Tracker "Smart Defense" tag ?
It can show more information then the "All" tage.

I found the Check Point KB sk26010.
It is talking about "Malformed SSL packet" and Smart Defense.

May be you can try it ~ XD

It said : Under VPN protocols section of SmartDefense interface, remove the
check from "Block SSL null-pointer assignment" and install policy.

Moreover, how is your current rule setting now ?
The service field is "Any" or new design "SSL" protocol ?


Thanks !

Regards,

Little Lun


--- 2009=E5=B9=B43=E6=9C=8811=E6=97=A5 =E6=98=9F=E6=9C=9F=E4=B8=89=EF=BC=8C=
Shiroma Dassanayake
<nilshiro2...@yahoo.com> =E5=AF=AB=E9=81=93=EF=B9=95

> =E5=AF=84=E4=BB=B6=E4=BA=BA: Shiroma Dassanayake <nilshiro2...@yahoo.com>
> =E4=B8=BB=E9=A1=8C: Re: [FW-1] Malformed ssl packet
> =E6=94=B6=E4=BB=B6=E4=BA=BA: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
> =E6=97=A5=E6=9C=9F: 2009 3 11 =E6=98=9F=E6=9C=9F=E4=B8=89 =E4=B8=8B=E5=8D=
=88 1:41
> Hi Checkpoint gurus
> =C2=A0
> Thanks JP/Mark for the suggestions. I tried out both
> workarounds, but the error still persists (attack name:
> invalid ssl packet
> > SSL v3: malformed packet (field lengths do not
> match)). Any other ideas?
> =C2=A0
> Regards
> Shiroma
>=20
> --- On Wed, 3/4/09, Jean-Paul Baillon
> <jean-paul.bail...@safecom.co.nz> wrote:
>=20
> From: Jean-Paul Baillon
> <jean-paul.bail...@safecom.co.nz>
> Subject: Re: [FW-1] Malformed ssl packet
> To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
> Date: Wednesday, March 4, 2009, 12:53 PM
>=20
> Better still create a new https service (possibly call it
> https_none)
> and set the protocol type to none - use this service for
> your skype voip
> rule
>=20
> Doing it this way will not disable protocol checking for
> https in your
> other rules with https defined
>=20
> JP
>=20
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:fw-1-mailingl...@amadeus.us.checkpoint.com] On
> Behalf Of Mark
> Elsen
> Sent: Wednesday, 4 March 2009 11:43 PM
> To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
> Subject: Re: [FW-1] Malformed ssl packet
>=20
> > Dear Checkpoint gurus
> >
> > When attempting to access skype (non-voip acces has
> been allowed for a
> selected group of individuals), we are unable to connect.
> On checking
> the tracker logs, https packets to one of the Skype IPs are
> being
> dropped with this message:
> >
> > attack name: invalid ssl packet
> > SSL v3: malformed packet (field lengths do not match)
> >
> > Where in smartdefence can the actions for this attack
> be modified?
> >
> > Regards
> > Shiroma
> >
>=20
>  - Check the Advanced Properties of the https service : set
> protocol
> type to -> 'None'.
>=20
> This will disable in-depth checking of SSL transactions.
>=20
> M.
>=20
> Scanned by Check Point Total Security Gateway.
>=20
> Scanned by Check Point Total Security Gateway.
>=20
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> To set vacation, Out-Of-Office, or away messages,
> send an email to lists...@amadeus.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> If you have any questions on how to change your
> subscription options, email
> fw-1-ow...@ts.checkpoint.com
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>
###########################################################################=
##########
> Important: This electronic message and attachments (if any)
> are confidential
> and may be legally privileged. If you are not the intended
> recipient do not
> copy, disclose or use the contents in any way. Please let
> us know by return
> e-mail immediately and then destroy this message.
>
###########################################################################=
##########
>=20
> Scanned by Check Point Total Security Gateway.
>=20
> Scanned by Check Point Total Security Gateway.
>=20
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> To set vacation, Out-Of-Office, or away messages,
> send an email to lists...@amadeus.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> If you have any questions on how to change your
> subscription options, email
> fw-1-ow...@ts.checkpoint.com
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>=20
>=20
>=20
>=20
>=20
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> To set vacation, Out-Of-Office, or away messages,
> send an email to lists...@amadeus.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> If you have any questions on how to change your
> subscription options, email
> fw-1-ow...@ts.checkpoint.com
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D


      Yahoo!=E9=A6=99=E6=B8=AF=E6=8F=90=E4=BE=9B=E7=B6=B2=E4=B8=8A=E5=AE=89=
=E5=85=A8=E6=94=BB=E7=95=A5=EF=BC=8C=E6=95=99=E4=BD=A0=E5=A6=82=E4=BD=95=E9=
=98=B2=E7=AF=84=E9=BB=91=E5=AE=A2!
=E8=AB=8B=E5=89=8D=E5=BE=80 http://hk.promo.yahoo.com/security/ =E4=BA=86=
=E8=A7=A3=E6=9B=B4=E5=A4=9A!

Scanned by Check Point Total Security Gateway.

Scanned by Check Point Total Security Gateway.

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
To set vacation, Out-Of-Office, or away messages,
send an email to lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
If you have any questions on how to change your
subscription options, email
fw-1-ow...@ts.checkpoint.com
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=0A=0A=0A      
=0D=0A
Scanned by Check Point Total Security Gateway.=0D=0A

=0D=0A
Scanned by Check Point Total Security Gateway.=0D=0A

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
To set vacation, Out-Of-Office, or away messages,
send an email to lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
If you have any questions on how to change your
subscription options, email
fw-1-ow...@ts.checkpoint.com
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

------------------------------

End of FW-1-MAILINGLIST Digest - 11 Mar 2009 to 12 Mar 2009 (#2009-43)
**********************************************************************
IƧç[È(^rCèŠ{S¢Ö¥Iç.®+r«^Á¬ÿ

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ow...@ts.checkpoint.com
=================================================