Hello Gurus,
(BI have set up two cluster members(NG FP3(HF2)) and a
(BSmartCenter server without checking Cluster XL in the
(Btab of Gateway Cluster Properties. telnet between the
(Btwo cluster members is OK. But after #cpstop on one of
(Bcluster member, telnet between the cluster members does
Hi Tony,
please see CKP-Secureknowledgebase about your FTP error.
You have to edit the file $FW-DIR/lib/base.def
Edit the lines:
/* true if the port in tcp_services */
define KNOWN_SERVER_TCP_PORT(p) {
(not is_version_at_least(FP2_VER), KNOWN_SERVER_TCP_PORT_BC(p))
or
(is_version_at_least(F
Hi,
I am running CP Firewall NG FP3. I have a site-to aite VPN tunnel with my
head office. I also have secureclient users on my gateway. I have configured
Office mode on my gateway.
I want the secureclient users on my gateway to be able to access some
servers in the head office thru our VPN tunne
Hello,
I met very strange issues in a system which includes SVN and secure clients
running on secure platform.
One is memeory issue. The following is information from free command. Pls
pay attention to the memory usage of dtps process, it's almost 2140M virtual
memory and 450M physical memory. The
Yeah it will work
Alan Cupernall
Server Specialist
Kinney Drugs Inc.
[EMAIL PROTECTED]
-Original Message-
From: Will Black [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 24, 2003 9:24 PM
To: [EMAIL PROTECTED]
Subject:Re: [FW-1] NOKIA OS and CHKP NG
Thanks Reinhard, w
Thanks Reinhard, will 3.7 run on a 330 with 256MB RAM?
Thanks
Will
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of
Reinhard Stich
Sent: Wednesday, July 23, 2003 11:32 PM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] NOKIA OS and CHKP
I have 35 PDS 2110 Boxes 2 of which replaced IP330's. I have only had
one that has overheated, but otherwise, they are very reliable.
Matt LeBlanc
IT Manager
WH Energy Services
-Original Message-
From: Sherwood R. Probeck [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 24, 2003 6:30 PM
T
Greetings All!
I just relocated to our Albuquerque, New Mexico office and just found out
today that management is going to have me replace all of our Nokia IP440's
and IP330's with Intrusion PDS 5000's and 2415's at all of our US and UK
offices (total of 14 offices and 16 firewalls.) This decisi
You don't say which version you are running but if its NGAI you may need
to turn off fingerprint scrambling. Also, if the enforcement point is
defined with its Internal IP address in the General tab, this can also
cause all sorts of problems with the VPNs. Try this and see.
Frank
-Original M
I have had good luck with IAS and Check Point. There is also support
for groups, although I have not tried the following...
Groups of RADIUS Users To create policy rules for groups of users which are
not defined on the SmartCenter Server but are defined on a RADIUS server
(including any RADIUS-co
On Thursday 24 July 2003 18:30, Reinhard Stich wrote:
> hi,
>
> you need:
>
> CPMP-MPU-1-NG Multi-CPU Support for 1 Enforcement Point
>
> cheers
> reinhard
>
So that sounds a little bit...unbeleavable. As I understood, you don' t have
to buy CPMP-MPU-1-NG Multi-CPU Support but without
I had the same situation at a customers, so we installed Internet
Authentication Service on a Win2k server that has access to the Domain
accounts - and then used the generic* user...
it doesn't work very good though..
-Original Message-
From: Pedro Boavida [mailto:[EMAIL PROTECTED]
Sent:
Hi,
Is there workaround for authentication with radius/nt domain groups, since
its not currently functional ?
TIA,
Pedro Boavida
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
s
Additional Topic:
Novell client use a file called nwhost. located in c:\novell\client32. Edit
this file, add yr public or internal ip address fileserver and ip Tree (same
that your fileserver).
-Mensaje original-
De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Enviado el: Thursday, July
Wally,
As suggested in Nokia docummentation, you should use a switch in an IP
Clustering environment in order to avoid problems in the case that one of
the firewalls fails.
Daniel
-Original Message-
From: Wally Hughes [mailto:[EMAIL PROTECTED]
Sent: quinta-feira, 24 de julho de 2003 13:1
One funny thing is that we see collisions on the ingress port on one side, which
bothers me because it is connected to a switch. I don't have access to either
endpoint myself, so have queries in to check the duplex settings on the switch and the
device. I also thought the SA's may not be synce
hi,
you need:
CPMP-MPU-1-NG Multi-CPU Support for 1 Enforcement Point
cheers
reinhard
-Ursprüngliche Nachricht-
Von: Bill Mathews [mailto:[EMAIL PROTECTED]
Gesendet: Do 24.07.2003 17:59
An: [EMAIL PROTECTED]
Cc:
Betreff:
I'd definitely use a separated network.
One environment I'd setup we used a mangement network
(management server was on it, and some other security
servers). We tested this for a while, and it
worked ok, but we later switched it to a dedicated
interface using a crossover cable. This was all while
t
As the error indicates, yes you do.
Bill
> Hi
>
>We are running NG on Sun E250 with Dual Processors.
>
>Quite often we are getting error called "No license for multiple
> processors was found"
>
>do we need to go for any special license
>
> Regards
> A.Uthaya Sankar
>
> ==
Colleagues,
I have an issue with HHTP requests through the FW-1 v.4.1 (AIX 4.3.3 main.
Level ML 6) from the remote site that has been converted to the Ethernet.
After conversion, users complain that when they start the IE browser, the
first response is FW-1 error. After they type the URL address
Hi
We are running NG on Sun E250 with Dual Processors.
Quite often we are getting error called "No license for multiple
processors was found"
do we need to go for any special license
Regards
A.Uthaya Sankar
=
To set vacati
At 12:31 24.07.2003 +0100, you wrote:
Hi Gurus,
Have two sets of two Nokia IP330s (in HA) that support tunnels between two
sites. Traffic from B to A flows 24x7 without trouble. Particular
traffic from A to B (HTTPS from a server at A to a server at B) seems to
fail for an hour or slightly more
> > In the IPSO documentation you can read that Nokia recommends that
the two
> > cluster protocol networks are dedicated. Has anybody experiences
with
> > cluster networks not being dedicated, i.e. sharing with FW-1 sync
network
> or
> > with a real production network?
I know of one very large co
I have seen the exact same issues with FP3 and AI SecuRemote client on
windows 98. Unfortunately I have not found a solution to this yet. In
fact I also had issues with Windows 2000 and a Novell client drive
mappings, especially when secure client started up the drives were
already mapped. If t
Hi,
I work fine to access Novell fileserver with Securemote. I work with two
scenarios: 1)NAT fileserver & 2) VPN community.
Do you have applied a rule to access yr Novell fileserver with NCP
service(Novell Core Protocol)?
Which scenario are you working?
Aldo Loaiza
CCSA, CCSE
www.infosup.com
If you have RSA as a vendor you are entitled for free technical support. My
experience was very positive. Just call them and ask for assistance.
Best regards,
Roman M. Zeltser,
@National Computer Center
DNE, RSIS
-Original Message-
From: Daniel Samaan [mailto:[EMAIL PROTECTED]
Sent: Thur
If this type of trafic is legitimate, you can try
this.
Modify the user.def file on the management station and
enter the follwing line:
deffunc user_accept_non_syn() { (src=x.x.x.x,
dst=y.y.y.y) };
or if it's always the same port
deffunc user_accept_non_syn() { dport = xx };
or you can try thi
According to the Resolution 14805 of Nokia, The firewall receives a new connections
with the same port/service as a connection that was recently closed. (and because that
is still in session table of the firewall, firewall drops this session), the solution
of it (again it is in the resolution) i
Hello,
it is not a matter of speed or lack of it, so increasing the timeout
won't fix it. According to the message you get on your log, you have an
already established connection (the 3-way handshake for that session has
been completed). Your firewall intercepts a packet of that session that
has S
Thanks Ben,
Let me explain my problem in details
I got two provider-1. I want to take shift only certain CMAs from one provider-1 to
another one.
Now both provider-1 are running on different sets of IPs and different nomenclature,
so in that case , how does I take the backup from one provider-
Hi Gurus,
Have two sets of two Nokia IP330s (in HA) that support tunnels between two sites.
Traffic from B to A flows 24x7 without trouble. Particular traffic from A to B (HTTPS
from a server at A to a server at B) seems to fail for an hour or slightly more at a
time, every few days. During
Steffen,
I had tested IP clustering on two IP 380, IPSO 3.7 and NG FP3.
I had used one interface as FW-1 sync , and clutser was define on internal
and external interface and worked perfectly fine...
On the clutser network only , you can use the production network.
you can test this out !!
I hope
I've found that you can have a few problems if you install the CheckPoint
Software at a non-default directory.
In my case, for a backup purpose, I wanted that all the software was
installed at the drive d:.
If I installed it directly on the drive d: the previously described problem
occured. There
Hi Gurus,
I am facing problem on many user PC's running Windows 98 when trying to install
SecuRemote, Novell Client is not able to connect to Server and can not map
drives after SecuRemote client is installed. Anybody has encountered the same
problem.
I have tried it with latest version of Novell
Atul
You could just take a tar backup of the CMA directory.
BC
On Thursday, July 24, 2003, at 08:58 AM, Security Operation Center
wrote:
Hi folks,
For Provider-1 NG FP3 running on solaris , how do I take the backup of
a particular CMA..
Any guidelines , any help !!
Regards,
Atul Dalal
==
Hi,
I need a virtual interface on my Secureplatform NG FP3. How is the best
way to
apply this?
If you connect with the webui you can only edit the interface and add
VLAN's.
I have added the interface with ifconfig as eth2:1 but when i reboot the
interface dissapear.
I think i have found the fil
Hi folks,
For Provider-1 NG FP3 running on solaris , how do I take the backup of a particular
CMA..
Any guidelines , any help !!
Regards,
Atul Dalal
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the
Hi,
Yes but as you get the VPS license together with the VSC license or
with some unlimited licenses, I thought that if he had the VSC he
would have the VPS too ...
Met vriendelijke groeten - Bien à vous - Kind regards
Guy ROELANDTS
EMEA GS Internet Expertise Centre - CCSE-NG
Hewlett-Packard
Hi,
I am getting the message in the subject field ( th_flags 2 message_info SYN for
established connection) for some our clients, after doing a quick research I found out
that those are mostly GPRS customers (and I guess they are slower than usual), as a
solution to that, would it be enough to
Hi!
We have a NG-FP3 on Win NT installed.
Now, we have create a new GW and some
new Rules, we become the following error
message if we install the Policy.
Frist at comes "Create New Database Version".
If we filled out the fields the error message
"Failed to create a version" comes up...
We can i
40 matches
Mail list logo