Greg Winkler <[EMAIL PROTECTED]> wrote:

>Here's my two cents worth.
>
<snip>
>they still OTHER problems with the few remaining implied rules that
>allowing control connections creates?

Firstly, where's the improvement in just rebuilding implied rules without removing 
some services?

The other point is a matter of trust, I think. Checkpoint had to build 3 service packs 
and a few hotfixes in order to fix RDP security problems. Are all problems really 
fixed? Couldn't there still be a problem?
I know it's like saying, "Oh, bind-4.1 had quite some security issues, so I will never use 
any bind version anymore," even though the latest versions fixed the problem.

Does anybody know whether RDP is necessary in NG-FP1?


Regards,
Josef
>
>----------------------------------------------------------------------------------------
>
>Greg Winkler
>Systems Manager, IT&S
>Huntsman Corporation
>Internet Mail: [EMAIL PROTECTED]
>Voice: (713) 235-6018
>Fax: (713) 235-6890
>
>
>
>
>"MALIN, ALEX (PB)" <[EMAIL PROTECTED]>
>Sent by: Mailing list for discussion of Firewall-1 <[EMAIL PROTECTED]point.com>
>12/12/01 11:13 AM
>Please respond to Mailing list for discussion of Firewall-1
>
>To: [EMAIL PROTECTED]
>cc:
>Subject: Re: [FW-1] VPN setup problems
>
>You can use IKE instead of FWZ as the encryption scheme. With IKE, you
>won't need to accept control connections. Using IKE will also provide
>stronger privacy protection.
>
>Alex Malin
>
>-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, December 12, 2001 3:12 PM
>To: [EMAIL PROTECTED]
>Subject: [FW-1] VPN setup problems
>
>
>Hi,
>
>I am running SBFC2.0.35sp5, checkpoint 4.1sp5-rdp-hotfix on a Solaris
>box. Now I have set up a SecuRemote VPN. However, this only works as long
>as "Accept VPN-1 FW-1 Control Connections" in the properties tab is
>enabled. Is anybody running a VPN without that setup successfully? When the
>box is unchecked, the node itself, not the cluster IP, replies to IKE
>requests, so reply packets are dropped by the firewall as those are not
>in the state table.
>
>I've built my rulebase according to the implied rules which I really
>want to enable, and there aren't any drops/rejects in the logviewer
>either.
>
>I don't want to enable the above property, as RDP is enabled by default and
>this protocol has had quite a few errors in the past.
>
>Any help/ hint/ comment is really appreciated.
>
>Regards,
>Egonle
>
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>To set vacation, Out Of Office, or away messages,
>send an email to [EMAIL PROTECTED]
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>If you have any questions on how to change your
>subscription options, email Ron Alcatraz at:
>[EMAIL PROTECTED]
>=================================================