VPNs from NG to 4.1 firewalls don't work unless Traditional Mode is used, and, unfortunately, you can change from Simplified Mode to Traditional Mode without creating a new security policy from scratch
---------------------------------------------------------------------------- ------------------------------------------------------- Mitchell Silver Network Manager Anite Calculus Ltd Calculus House Tel: +44 (0) 20 7435 0070 6 Hampstead Gate Fax: +44 (0) 20 7794 1199 1A Frognal Mob: +44 (0) 07967 094 953 London NW3 6AL United Kingdom Email:[EMAIL PROTECTED] ---------------------------------------------------------------------------- ------------------------------------------------------- This email is from Anite Calculus Limited. The e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail in error please notify [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> or telephone +44 (0) 20 7435 0070. Any views expressed by an individual within this e-mail, which do not constitute part of a legal contract, do not necessarily reflect the views of the company. ---------------------------------------------------------------------------- ------------------------------------------------------- -----Original Message----- From: Lars Troen [mailto:[EMAIL PROTECTED]] Sent: 14 October 2002 21:53 To: [EMAIL PROTECTED] Subject: Re: [FW-1] FP3 upgrade success One other thing that has stopped working is a IKE 3DES vpn to a 4.1 firewall. It did work right after the upgrade and it worked for atleast 12 hours after the upgrade (I'm not quite sure when it stopped working). I've tried established the vpn with new shared secrets and tried with and without aggresive mode (on both firewalls), but to no help. Things that stops working after a while is really annoying. :( Lars > -----Original Message----- > From: Lars Troen > Sent: Monday, October 14, 2002 09:27 > To: [EMAIL PROTECTED] > Subject: Re: [FW-1] FP3 upgrade success > > > One thing I noticed now that doesn't work is local.arp. There > have been others reporting this problem with FP2, but I had > it working fine here on FP2. Well, now it's obviously not > working on FP3. We're not using automatic arp, but local.arp. > And no, Automatic arp had not been enabled during the upgrade > like one report here (on solaris) stated. > > When I was talking about updates, I was mainly talking about > updates on FW1. Both IBM and HP are pretty quick with > releasing fixes, but Checkpoint aren't always too fast with > releasing fixes on fw1 for these operating systems. > > Lars > > -----Original Message----- > > From: Symon Thurlow [mailto:[EMAIL PROTECTED]] > > Sent: Sunday, October 13, 2002 23:43 > > To: [EMAIL PROTECTED] > > Subject: Re: [FW-1] FP3 upgrade success > > > > > > I agree, > > > > I ahve no problem at all using WIN32 platforms for > > Checkpoint, if it is set up properly (hardened) I don;t see > > that it is any worse, and like you say, MS are pretty quick > > on bug fixes. WIndows update is an easy way to keep on top of > > things if you are not proactive about it. > > > > -----Original Message----- > > From: Lars Troen [mailto:[EMAIL PROTECTED]] > > Sent: 13 October 2002 21:58 > > To: [EMAIL PROTECTED] > > Subject: Re: [FW-1] FP3 upgrade success > > > > > > Symon, > > Yes, I noticed that some had experienced problems with > > w2ksp3. That's why I kept it down on w2ksp2. It has been up > > and running for 8 hours now and it's still up and running. :) > > > > Lars > > > > PS: The reason I continued trying to get it up and working on > > w2k instead of choosing an alternative platform, is that many > > of our customers prefer that the firewall is running the same > > platform as the rest of their servers (and they have had fw1 > > running on nt 3.51, 4.0, w2k for years). Many might argue > > that this might not be too wise, but when fw1 is up and > > running it's usually not any worse or better on win32 than > > other platforms. And win32 has the past few years been a > > platform where fixes has been released more quickly than both > > hpux and aix. I guess Solaris has always been a good platform > > (except Solaris x86) and Linux/Secureplatform seems to be > > taking more and more market share and seems to be something > > Checkpoint is putting quite some effort into. IPSO might also > > be a great alternative, but requires special hw. > > > > > -----Original Message----- > > > From: Symon Thurlow [mailto:[EMAIL PROTECTED]] > > > Sent: Sunday, October 13, 2002 21:26 > > > To: [EMAIL PROTECTED] > > > Subject: Re: [FW-1] FP3 upgrade success > > > > > > > > > Lars, > > > > > > A couple of people on this list (well, me and one other) have had > > > problems with FP3 on WIN2K SP3 ceasing to forward packets > > > after about 3 > > > hours or so. Be careful to check for this. No solution > except for a > > > reboot AFAIK. > > > > > > Symon > > > > > > ############################################################## > > > ########## > > > ############# > > > Scanned for Viruses and Content and cleared by the > > Webvein Mail > > > Gateway > > > ############################################################## > > > ########## > > > ############# > > > > > > > ================================================= > > To set vacation, Out Of Office, or away messages, > > send an email to [EMAIL PROTECTED] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [EMAIL PROTECTED] > > ================================================= > > > > ############################################################## > > ####################### > > Scanned for Viruses and Content and cleared by the > > Webvein Mail Gateway > > ############################################################## > > ####################### > > > > ================================================= > > To set vacation, Out Of Office, or away messages, > > send an email to [EMAIL PROTECTED] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [EMAIL PROTECTED] > > ================================================= > > > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ________________________________________________________________________ This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ________________________________________________________________________ ________________________________________________________________________ This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ________________________________________________________________________ ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
