hi,
do you use the default-shell of nokia?
are you local admin?
do you use the latest upgrade_export tool or an old one?
cheers
reinhard
At 01:08 15.12.2005, you wrote:
Hi all
Somebody knows why this error appears? I have a R55 on
IPSO 3.8
# ./upgrade_export -d prueba.tgz
You are required
Thanks! Got it. I just love this mailing list!
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Manjula
Kularathne
Sent: Thursday, 15 December 2005 1:01 PM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] VPN quesit
Rather than use "any", you are usually better off to define explicit
services. Some dynamic services don't match for "any". Besides the
fact that it is inefficient and insecure.
As for part 1 though, what kind of traffic are you trying to do from
the terminal services manager to the remote
Have you defined the VRRP multicast address as being behind one of
the other interfaces?
On 14 Dec 2005, at 22:52, Oliver wrote:
Hello everybody.
I have 2 Nokias with VRRP configuration, NG with AI
R55. When i check the antispoofing feature on External
interface (in Cluster Topology) the exter
Thanks RK!
I can see it now!
Cheers,
Clive
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of
Ramakrishnan Pillai
Sent: Thursday, 15 December 2005 1:34 PM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] VPN quesito
Thanks. Compared all the properties of PIX and R55. The "Support key Exchange
for Subnets" is already checked. Still no luck. Same message...RK
>>> [EMAIL PROTECTED] 12/14/05 5:37 PM >>>
In SmartDashboard, go to the interoperable device
object Properties (representing PIX), look for VPN -
VPN
Your policy may be traditional mode. You have to convert or migrate to a
simplified mode policy to use VPN community. You can create site-to-site vpn
though with the traditional mode, but using VPN communities it is much simpler.
RK
Ramakrishnan Pillai
Network & Security Administration
Team C
Your policy is in the traditional mode.
You've to change from traditional to simplified mode to see the vpn
column. (Policy -> convert to ..simplified VPN.
Before all that... read the below document carefully. (u cn find that in
SecureKnowlage)
Virtual Private Networks NGX (R55)
-Original M
Hi,
One more thing is I don't even have the VPN Manager Tab. Is that something
simple?
Cheers,
Clive
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Lars Troen
Sent: Thursday, 15 December 2005 12:02 PM
To: FW-1-MAILINGLIST@AMADEUS
Hi Lars,
Thanks for your quick reply. I have checked. I have got the VPN checked. I
am sure we have got the license. Is there any quick way to check to confirm
that we have the VPN license?
Thank you!
Kind Regards,
Clive
-Original Message-
From: Mailing list for discussion of Firewall-1
> I have found some doco on the net. However, on my
> SmartDashboard. I couldn't find a 'VPN' column. I am using
> SmartDashboard NG with Application Intelligence (R55) Build 127.
Check that your firewall object(s) has vpn as a property and I guess you
might also need a license.
Lars
=
Hi all,
I am new to CP. I would like a help of setting up a VPN tunnel from our LAN
to another external company' LAN.
I have found some doco on the net. However, on my SmartDashboard. I couldn't
find a 'VPN' column. I am using SmartDashboard NG with Application
Intelligence (R55) Build 127.
It w
Do you have the smartcenter (management) in your nokia?
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Agüero,
Jose
Sent: Miércoles, 14 de Diciembre de 2005 06:09 p.m.
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-
Hot fix HFA17 for version R55 is out there and I installed into production
todayHas anyone encountered any problems that I should watch out for?
Regards
-
Yahoo! Shopping
Find Great Deals on Holiday Gifts at Yahoo! Shopping
===
Hi all
Somebody knows why this error appears? I have a R55 on
IPSO 3.8
# ./upgrade_export -d prueba.tgz
You are required to close all Check Point clients
before the Export operation begins.
If the export fails, stop Check Point services and run
the upgrade_export command again.
Press ENTER when
I'm having some problems with a new ipso cluster. We are segmenting an
extranet, application, management and db subnets with this VRRP cluster. We
are doing the same thing at another site running R54 and rule base is
derived from the R54 cluster currently in production. I'm having basically
two is
Hello everybody.
I have 2 Nokias with VRRP configuration, NG with AI
R55. When i check the antispoofing feature on External
interface (in Cluster Topology) the external interfase
of standby member becomes a master, so i have two
master interfaces and most services goes down.
the problem is the vrrp
In SmartDashboard, go to the interoperable device
object Properties (representing PIX), look for VPN -
VPN Advanced and uncheck the box: "Support key
Exchange for Subnets"
I hope that helps.
Regards,
Oliver.
--- Ramakrishnan Pillai
<[EMAIL PROTECTED]> escribió:
> Thanks for the detailed reply
Thanks for the detailed reply. Let me cross check everything...RK
>>> [EMAIL PROTECTED] 12/14/2005 10:45:06 AM >>>
Parameters are not identical. I've run into this many times. For example, if
policy on PIX ends up offering you DES/3DES/MD5/SHA1 (Phase-1), but the
Interoperable Device representi
delete the entry in ~/.ssh/known_hosts for your server you are ssh-ing
to. because you changed the
sshd server you also changed the server key.
after removing the entry (172.16.3.128...) on your "cpmodule" do a "ssh
[EMAIL PROTECTED]" and you
will be asked again to verify the servers fingerpri
Hello,
I'm running a SecurePlatform (R55 - build 110 - HFA 17) on a VMWare ESX server
and the vmware-tools are required to get better memory and time management on
Linux and also a clean shutdown from ESX management tools.
I got RedHat 2.1 perl and tools required to run the vmware-tools i
Hello,
I have automated monitoring and log transfer from a SecurePlatform (R55 -
build 110 - HFA 17) thanks to ssh in scripts.
Since the target server has been upgraded to RedHat 4 (OpenSSH 3.9p1), the ssh
connection failed without explanations:
[EMAIL PROTECTED] ssh -vvv [EMAIL PROTECTE
Running NGX R60 with hfa1 on splat
Radius Server : Radiator
I am trying to configure the fw-1 for VPN connections. If I create a
user in FW1 and give it a password, I can connect with SecureRemote and
everything is ok.
Given the number of staff and students we have, this is not really an
option for
Parameters are not identical. I've run into this many times. For example, if
policy on PIX ends up offering you DES/3DES/MD5/SHA1 (Phase-1), but the
Interoperable Device representing the PIX has been set up for 3DES/SHA1, it
will fail. You got to match exactly, not just have a match. Painful, bu
I was trying to figure out why we were loosing logs
last week, I was going over my configuration on my
Nokia IP-380's one of them had DNS entries in the
configuration.
I removed them so we have no DNS servers for the Nokia
to use. I am no longer dropping logs, Traffic is
flowing a lot smoother.
This should be caused by Smartdefense. Check your smartdefense rules. This is
related to Malformed packet (Client to Server) CPAI-2003-11
CPAI-2003-32
CPAI-2004-11
RK
>>> [EMAIL PROTECTED] 12/14/2005 9:18:29 AM >>>
Good afternoon.
I have a customer with several site to site and meshed VPNs,
While doing a site-to-site between R55 and PIX we are getting "Message from
peer: No proposal choosen" at checkpoint end. Using preshared secret and all
parameters are identical. Any idea where to check for.
Thanks in advance.
RK
=
To set vacat
Neil Kemp wrote:
Good afternoon.
I have a customer with several site to site and meshed VPNs, running a
mixture of R55 firewalls (Nokia) and IP40's.
They are getting a reject message on some RPC traffic, going between
encryption domains, rejecting on EPMAP and rule 998
Any ideas ?
==
hi,
I guess this drops are between win2k3 servers with SP1.
check the microsoft KB for a solution ... (I know there is one)
cheers
reinhard
At 15:18 14.12.2005, you wrote:
Good afternoon.
I have a customer with several site to site and meshed VPNs, running a
mixture of R55 firewalls (Nokia)
Good afternoon.
I have a customer with several site to site and meshed VPNs, running a
mixture of R55 firewalls (Nokia) and IP40's.
They are getting a reject message on some RPC traffic, going between
encryption domains, rejecting on EPMAP and rule 998
Any ideas ?
==
30 matches
Mail list logo