I have this return with a "fw ctl iflist"
0 : eth-s3p1c0
1 : eth1c0
2 : eth3c0
3 : ....
And yes the built-in interface as this syntax ethXc0 and the other this one
eth-sXpXc0.
Is the interface with number 0 is my external interface in this case ? In
this case why the file $FWDIR/conf/external.if with eth2c0 as content don't
work after a fwstop && fwstart ?
I have also Firewall running on solaris but with this OS the external.if
file exists as soon as checkpoint is install, whereas in IPSO i must create
this file ... This file really work in IPSO
how you configure you're external interface in a IPSO station with a CP FW1
4.1 SP5 ?
Perhaps it must be a specifical right on the file i have this one:
-rw-rw-r-- root wheel external.if
Greetings and thx for all your response,
Stephen
"Mellor, Derin"
<[EMAIL PROTECTED]> Pour :
[EMAIL PROTECTED]
Envoy� par : Mailing list for cc :
discussion of Firewall-1 Objet : Re:
[FW-1] external interface ?
<[EMAIL PROTECTED]
point.com>
16/10/02 18:41
Veuillez r�pondre � Mailing list for
discussion of Firewall-1
To find the interfaces that CP thinks it is using: fw ctl iflist
What type of Nokia are you using? I would expect a syntax for the
interface name: eth-s1p1c0
Regards Derin
-----Original Message-----
From: Sadir [mailto:[EMAIL PROTECTED]]
Sent: 16 October 2002 12:31
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] external interface ?
Try using fw stat -d -l or if it is NG use cpstat -f all fw this may
give you insight on which is the external int try fw monitor "aceept ;"
-m IiOo The capital I is always for incomming so you can see which int
is accepting the traffic i hope you don't have a heavy firewall
Stephen B. wrote:
>How should i know the external interface in a nokia box ?
>I put the file external.if in $FWDIR/conf with this content: eth2c0
>(logical external interface) as it said in the phoneboy site, but how
>can i see if the modification has succesfull ?
>
>Because i have problem to connect to firewall-1 with secure remote i
>made this for debug:
>
>fw monitor -e "accept ((src=@secure-remote,dst=@external-firewall) or
>(src= @external-firewall,dst=@secure-remote));"
>
>And i have this log:
>
>eth2c0:i[44]: @secure-remote -> @external-firewall (TCP) len=44
>id=27409
>TCP: 3816 -> 264 .S.... seq=0020b349 ack=00000000
>eth2c0:I[44]: @secure-remote -> @external-firewall (TCP) len=44
id=27409
>TCP: 3816 -> 264 .S.... seq=0020b349 ack=00000000
>eth3c0:o[44]: @external-firewall -> @secure-remote (TCP) len=44
id=34388
>TCP: 264 -> 3816 .S..A. seq=25ec351a ack=0020b34a
>eth3c0:O[44]: @external-firewall -> @secure-remote (TCP) len=44
id=34388
>
>The ip address of the eth2c0 is @external-firewall but the firewall use
>the interface eth3c0 to respond to my secure remote user ?? Is it
>possible that my external interface isn't eth2c0 ?
>And after that i don't have IKE negociation ...
>
>
>A little help should be greatly appreciated ;)
>
> Stephen.
>
>=================================================
>To set vacation, Out Of Office, or away messages,
>send an email to [EMAIL PROTECTED]
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>[EMAIL PROTECTED]
>=================================================
>
>
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
<FONT SIZE=1>
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the sender immediately and then delete from your system.
This footnote also confirms that this email message has been swept
for the presence of known computer viruses.
**********************************************************************</FONT>
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
