unsubscribe
From: Automatic digest processor <[EMAIL PROTECTED]> Reply-To: Mailing list for discussion of Firewall-1 <[EMAIL PROTECTED]> To: Recipients of FW-1-MAILINGLIST digests <[EMAIL PROTECTED]> Subject: FW-1-MAILINGLIST Digest - 25 Oct 2002 to 26 Oct 2002 (#2002-301) Date: Sun, 27 Oct 2002 00:01:29 -0700 There are 3 messages totalling 127 lines in this issue. Topics of the day: 1. opsec "fwopsec.conf" file question! 2. OPSEC SAM API problem!! 3. <No subject given> ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ---------------------------------------------------------------------- Date: Sat, 26 Oct 2002 04:21:41 -0700 From: Shih-Yun Huang <[EMAIL PROTECTED]> Subject: opsec "fwopsec.conf" file question! in the fwopsec.conf file, should the correct syntax be: sam_allow_remote_requests yes ...or.... fw_allow_remote_requests yes ...or.... sam_allowed_remote_requests yes I saw " sam_allowed_remote_requests " on FP3 documents. (SmartCenter_NG_FP3.pdf) which one is the correct one? Can someone accurately explain what difference each of these lines would make in the behaviour of OPSEC ? _________________________________________________________________ Unlimited Internet access for only $21.95/month. Try MSN! http://resourcecenter.msn.com/access/plans/2monthsfree.asp ------------------------------ Date: Sat, 26 Oct 2002 04:26:07 -0700 From: Shih-Yun Huang <[EMAIL PROTECTED]> Subject: OPSEC SAM API problem!! does SAM have limitation on some cases? did any one try this kind command before? or try to try the sam example? fwm sam -l long_alert -J subsrvs louvre 255.255.255.0 eifel 21 6 My idea is only to block one service on my network.. for example, I only want to disable/block port 80 (http service) for example, my subnet is 192.168.0.0 src src-mask dst dst-mask service ip_protocol 192.168.0.0 255.255.0.0 0 0 80 6 do you think sam can only block service/port?? these two are working in my setting. (1) this block all my TCP connection in my NAT.. SAM_SUB_SRC_IP_PROTO 192.168.0.0 255.255.0.0 6 (2) this blcok all connection in my network. SAM_SUB_SRC_IP 192.168.0.0 255.255.0.0 but this one does NOT work SAM_SUB_SERV_SRC 192.168.0.0 255.255.0.0 0 80 6 the case doesnpt work if I gvie any dst, port=80 and ip_p=tcp Did you try this before? Thanks for your time. I appreciate. ^_^ _________________________________________________________________ Internet access plans that fit your lifestyle -- join MSN. http://resourcecenter.msn.com/access/plans/default.asp ------------------------------ Date: Sat, 26 Oct 2002 17:21:01 -0700 From: Ben Keepper <[EMAIL PROTECTED]> Subject: <No subject given> Greetings, I am using Secure Client NG FP2 on Win2K connecting to a Nokia NG FP2 gateway. Using IKE with firewall passwords. My tunnel sets up and works fine, Except the tunnel dies every ten minutes. The client thinks it is still connected, but an error shows up in the Secure Client Diagnostics, under connections, where is says Phase One failed with no response from the gateway. Why is it even trying to renegotiate phase one after 10 minutes? All the IKE settings are default. Phase one set to 1440 minutes and phase two at 3600 seconds. The gateway logs don't report anything abnormal. This ten minute time out is consistent, whether there is traffic in the tunnel or not. This is pretty anoying, any thoughts? TIA, Ben BTW - I saw a knowledge base article on Nokia's site about needing to make sure VPN-1/FW-1 control connections where enabled on 4.1. It is enabled on my NG box. ------------------------------ End of FW-1-MAILINGLIST Digest - 25 Oct 2002 to 26 Oct 2002 (#2002-301) ***********************************************************************
_________________________________________________________________ Choose an Internet access plan right for you -- try MSN! http://resourcecenter.msn.com/access/plans/default.asp ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
