[FW-1] telnet problem between cluster members

2003-07-24 Thread Wen Guangcheng
Hello Gurus, I have set up two cluster members(NG FP3(HF2)) and a SmartCenter server without checking Cluster XL in the tab of Gateway Cluster Properties. telnet between the two cluster members is OK. But after #cpstop on one of cluster member, telnet between the cluster members does

[FW-1] Betreff:[FW-1] Memory and FTP Issue about NG FP3

2003-07-24 Thread Kahlert Bernd
Hi Tony, please see CKP-Secureknowledgebase about your FTP error. You have to edit the file $FW-DIR/lib/base.def Edit the lines: /* true if the port in tcp_services */ define KNOWN_SERVER_TCP_PORT(p) { (not is_version_at_least(FP2_VER), KNOWN_SERVER_TCP_PORT_BC(p)) or (is_version_at_least(F

[FW-1] Site-to-Site VPN issue

2003-07-24 Thread Manish Garg
Hi, I am running CP Firewall NG FP3. I have a site-to-site VPN tunnel with my head office. I also have secureclient users on my gateway. I have configured Office mode on my gateway. I want the secureclient users on my gateway to be able to access some servers in the head office thru our VPN tunne

[FW-1] Memory and FTP Issue about NG FP3

2003-07-24 Thread XIONG,TONY (HP-China,ex1)
Hello, I met very strange issues in a system which includes SVN and secure clients running on secure platform. One is memory issue. The following is information from free command. Pls pay attention to the memory usage of dtps process, it's almost 2140M virtual memory and 450M physical memory. The

Re: [FW-1] NOKIA OS and CHKP NG

2003-07-24 Thread Alan Cupernall
Yeah it will work Alan Cupernall Server Specialist Kinney Drugs Inc. [EMAIL PROTECTED] -Original Message- From: Will Black [mailto:[EMAIL PROTECTED] Sent: Thursday, July 24, 2003 9:24 PM To: [EMAIL PROTECTED] Subject:Re: [FW-1] NOKIA OS and CHKP NG Thanks Reinhard, w

Re: [FW-1] NOKIA OS and CHKP NG

2003-07-24 Thread Will Black
Thanks Reinhard, will 3.7 run on a 330 with 256MB RAM? Thanks Will -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Reinhard Stich Sent: Wednesday, July 23, 2003 11:32 PM To: [EMAIL PROTECTED] Subject: Re: [FW-1] NOKIA OS and CHKP

Re: [FW-1] Intrusion PDS

2003-07-24 Thread Matthew J. LeBlanc
I have 35 PDS 2110 Boxes 2 of which replaced IP330's. I have only had one that has overheated, but otherwise, they are very reliable. Matt LeBlanc IT Manager WH Energy Services -Original Message- From: Sherwood R. Probeck [mailto:[EMAIL PROTECTED] Sent: Thursday, July 24, 2003 6:30 PM T

[FW-1] Intrusion PDS

2003-07-24 Thread Sherwood R. Probeck
Greetings All! I just relocated to our Albuquerque, New Mexico office and just found out today that management is going to have me replace all of our Nokia IP440's and IP330's with Intrusion PDS 5000's and 2415's at all of our US and UK offices (total of 14 offices and 16 firewalls.) This decisi

Re: [FW-1] VPNs dying every hour

2003-07-24 Thread Frank Darden
You don't say which version you are running but if its NGAI you may need to turn off fingerprint scrambling. Also, if the enforcement point is defined with its Internal IP address in the General tab, this can also cause all sorts of problems with the VPNs. Try this and see. Frank -Original M

Re: [FW-1] Radius/NT Groups

2003-07-24 Thread Steven J. Surdock, PE
I have had good luck with IAS and Check Point. There is also support for groups, although I have not tried the following... Groups of RADIUS Users To create policy rules for groups of users which are not defined on the SmartCenter Server but are defined on a RADIUS server (including any RADIUS-co

Re: [FW-1] AW: [FW-1] NG on Multiple Processors

2003-07-24 Thread Olaf Lange
On Thursday 24 July 2003 18:30, Reinhard Stich wrote: > hi, > > you need: > > CPMP-MPU-1-NG Multi-CPU Support for 1 Enforcement Point > > cheers > reinhard > So that sounds a little bit...unbelievable. As I understood, you don't have to buy CPMP-MPU-1-NG Multi-CPU Support but without

Re: [FW-1] Radius/NT Groups

2003-07-24 Thread Scott Friedman
I had the same situation at a customers, so we installed Internet Authentication Service on a Win2k server that has access to the Domain accounts - and then used the generic* user... it doesn't work very good though.. -Original Message- From: Pedro Boavida [mailto:[EMAIL PROTECTED] Sent:

[FW-1] Radius/NT Groups

2003-07-24 Thread Pedro Boavida
Hi, Is there workaround for authentication with radius/nt domain groups, since it's not currently functional ? TIA, Pedro Boavida = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: s

Re: [FW-1] Checkpoint SecuRemote and Novell Client Compatibility

2003-07-24 Thread aloaiza
Additional Topic: Novell client use a file called nwhost. located in c:\novell\client32. Edit this file, add yr public or internal ip address fileserver and ip Tree (same that your fileserver). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, July

Re: [FW-1] Nokia clustering

2003-07-24 Thread Accioly, Daniel
Wally, As suggested in Nokia documentation, you should use a switch in an IP Clustering environment in order to avoid problems in the case that one of the firewalls fails. Daniel -Original Message- From: Wally Hughes [mailto:[EMAIL PROTECTED] Sent: Thursday, July 24, 2003 13:1

Re: [FW-1] Tunnels behaving strangely

2003-07-24 Thread La Coursiere, Jeff
One funny thing is that we see collisions on the ingress port on one side, which bothers me because it is connected to a switch. I don't have access to either endpoint myself, so have queries in to check the duplex settings on the switch and the device. I also thought the SA's may not be synce

[FW-1] AW: [FW-1] NG on Multiple Processors

2003-07-24 Thread Reinhard Stich
hi, you need: CPMP-MPU-1-NG Multi-CPU Support for 1 Enforcement Point cheers reinhard -Original Message- From: Bill Mathews [mailto:[EMAIL PROTECTED] Sent: Thu 24.07.2003 17:59 To: [EMAIL PROTECTED] Cc: Subject:

Re: [FW-1] Nokia clustering

2003-07-24 Thread Wally Hughes
I'd definitely use a separated network. One environment I'd setup we used a management network (management server was on it, and some other security servers). We tested this for a while, and it worked ok, but we later switched it to a dedicated interface using a crossover cable. This was all while t

Re: [FW-1] NG on Multiple Processors

2003-07-24 Thread Bill Mathews
As the error indicates, yes you do. Bill > Hi > >We are running NG on Sun E250 with Dual Processors. > >Quite often we are getting error called "No license for multiple > processors was found" > >do we need to go for any special license > > Regards > A.Uthaya Sankar > > ==

[FW-1] Any clue on this one?

2003-07-24 Thread Zeltser, Roman
Colleagues, I have an issue with HTTP requests through the FW-1 v.4.1 (AIX 4.3.3 main. Level ML 6) from the remote site that has been converted to the Ethernet. After conversion, users complain that when they start the IE browser, the first response is FW-1 error. After they type the URL address

[FW-1] NG on Multiple Processors

2003-07-24 Thread Uthaya Sankar A (IT Services) - CTD, Chennai.
Hi We are running NG on Sun E250 with Dual Processors. Quite often we are getting error called "No license for multiple processors was found" do we need to go for any special license Regards A.Uthaya Sankar

Re: [FW-1] Tunnels behaving strangely

2003-07-24 Thread Reinhard Stich
At 12:31 24.07.2003 +0100, you wrote: Hi Gurus, Have two sets of two Nokia IP330s (in HA) that support tunnels between two sites. Traffic from B to A flows 24x7 without trouble. Particular traffic from A to B (HTTPS from a server at A to a server at B) seems to fail for an hour or slightly more

Re: [FW-1] Nokia clustering

2003-07-24 Thread Mitchell Rowton
> > In the IPSO documentation you can read that Nokia recommends that the two > > cluster protocol networks are dedicated. Has anybody experiences with > > cluster networks not being dedicated, i.e. sharing with FW-1 sync network > or > > with a real production network? I know of one very large co

Re: [FW-1] Checkpoint SecuRemote and Novell Client Compatibility

2003-07-24 Thread Edward Greenspan
I have seen the exact same issues with FP3 and AI SecuRemote client on windows 98. Unfortunately I have not found a solution to this yet. In fact I also had issues with Windows 2000 and a Novell client drive mappings, especially when secure client started up the drives were already mapped. If t

Re: [FW-1] Checkpoint SecuRemote and Novell Client Compatibility

2003-07-24 Thread aloaiza
Hi, I work fine to access Novell fileserver with Securemote. I work with two scenarios: 1)NAT fileserver & 2) VPN community. Do you have applied a rule to access yr Novell fileserver with NCP service(Novell Core Protocol)? Which scenario are you working? Aldo Loaiza CCSA, CCSE www.infosup.com

Re: [FW-1] SecurID with ACE

2003-07-24 Thread Zeltser, Roman
If you have RSA as a vendor you are entitled for free technical support. My experience was very positive. Just call them and ask for assistance. Best regards, Roman M. Zeltser, @National Computer Center DNE, RSIS -Original Message- From: Daniel Samaan [mailto:[EMAIL PROTECTED] Sent: Thur

Re: [FW-1] "th_flags 2 message_info SYN for established connection" Message

2003-07-24 Thread John Madden
If this type of traffic is legitimate, you can try this. Modify the user.def file on the management station and enter the following line: deffunc user_accept_non_syn() { (src=x.x.x.x, dst=y.y.y.y) }; or if it's always the same port deffunc user_accept_non_syn() { dport = xx }; or you can try thi

Re: [FW-1] "th_flags 2 message_info SYN for established connection" Message

2003-07-24 Thread Cihan Subasi (Garanti Teknoloji)
According to the Resolution 14805 of Nokia, The firewall receives a new connections with the same port/service as a connection that was recently closed. (and because that is still in session table of the firewall, firewall drops this session), the solution of it (again it is in the resolution) i

Re: [FW-1] "th_flags 2 message_info SYN for established connection" Message

2003-07-24 Thread Haris Klitiropoulos
Hello, it is not a matter of speed or lack of it, so increasing the timeout won't fix it. According to the message you get on your log, you have an already established connection (the 3-way handshake for that session has been completed). Your firewall intercepts a packet of that session that has S

Re: [FW-1] how to take CMA backup

2003-07-24 Thread Security Operation Center
Thanks Ben, Let me explain my problem in details I got two provider-1. I want to take shift only certain CMAs from one provider-1 to another one. Now both provider-1 are running on different sets of IPs and different nomenclature, so in that case , how does I take the backup from one provider-

[FW-1] Tunnels behaving strangely

2003-07-24 Thread La Coursiere, Jeff
Hi Gurus, Have two sets of two Nokia IP330s (in HA) that support tunnels between two sites. Traffic from B to A flows 24x7 without trouble. Particular traffic from A to B (HTTPS from a server at A to a server at B) seems to fail for an hour or slightly more at a time, every few days. During

Re: [FW-1] Nokia clustering

2003-07-24 Thread Security Operation Center
Steffen, I had tested IP clustering on two IP 380, IPSO 3.7 and NG FP3. I had used one interface as FW-1 sync , and cluster was define on internal and external interface and worked perfectly fine... On the cluster network only , you can use the production network. you can test this out !! I hope

[FW-1] NG AI - Non-default directory [Was Security Desktop]

2003-07-24 Thread Rodrigo Borges
I've found that you can have a few problems if you install the CheckPoint Software at a non-default directory. In my case, for a backup purpose, I wanted that all the software was installed at the drive d:. If I installed it directly on the drive d: the previously described problem occurred. There

[FW-1] Checkpoint SecuRemote and Novell Client Compatibility

2003-07-24 Thread Vinay Thakral
Hi Gurus, I am facing problem on many user PC's running Windows 98 when trying to install SecuRemote, Novell Client is not able to connect to Server and can not map drives after SecuRemote client is installed. Anybody has encountered the same problem. I have tried it with latest version of Novell

Re: [FW-1] how to take CMA backup

2003-07-24 Thread Ben Cuthbert
Atul You could just take a tar backup of the CMA directory. BC On Thursday, July 24, 2003, at 08:58 AM, Security Operation Center wrote: Hi folks, For Provider-1 NG FP3 running on solaris , how do I take the backup of a particular CMA.. Any guidelines , any help !! Regards, Atul Dalal ==

[FW-1] Virtual interface on Secureplatform

2003-07-24 Thread Petra Klein
Hi, I need a virtual interface on my Secureplatform NG FP3. How is the best way to apply this? If you connect with the webui you can only edit the interface and add VLAN's. I have added the interface with ifconfig as eth2:1 but when I reboot the interface disappear. I think I have found the fil

[FW-1] how to take CMA backup

2003-07-24 Thread Security Operation Center
Hi folks, For Provider-1 NG FP3 running on solaris , how do I take the backup of a particular CMA.. Any guidelines , any help !! Regards, Atul Dalal

Re: [FW-1] error msg "cannot find secureclient user license"

2003-07-24 Thread Roelandts, Guy
Hi, Yes but as you get the VPS license together with the VSC license or with some unlimited licenses, I thought that if he had the VSC he would have the VPS too ... Met vriendelijke groeten - Bien à vous - Kind regards Guy ROELANDTS EMEA GS Internet Expertise Centre - CCSE-NG Hewlett-Packard

[FW-1] "th_flags 2 message_info SYN for established connection" Message

2003-07-24 Thread Cihan Subasi (Garanti Teknoloji)
Hi, I am getting the message in the subject field ( th_flags 2 message_info SYN for established connection) for some our clients, after doing a quick research I found out that those are mostly GPRS customers (and I guess they are slower than usual), as a solution to that, would it be enough to

[FW-1] Create New Database Version

2003-07-24 Thread Verweyen, Dirk
Hi! We have a NG-FP3 on Win NT installed. Now, we have create a new GW and some new Rules, we become the following error message if we install the Policy. First at comes "Create New Database Version". If we filled out the fields the error message "Failed to create a version" comes up... We can i