Re: [FW-1] R70 and HP DL380G5

ather popular platform -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:fw-1-mailingl...@amadeus.us.checkpoint.com] On Behalf Of Pedro Boavida Sent: May-25-09 1:06 PM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] R70 and HP DL380G5 Hi, Sinc

Re: [FW-1] R70 and HP DL380G5

en so neither CP has a solution nor anyone has been through this issue... both R70 (unofficially) and this model exists, let's say for almost one year? Any clues ? PB -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:fw-1-mailingl...@amadeus.us.checkpoint.com]

[FW-1] R70 and HP DL380G5

vance Pedro Boavida Scanned by Check Point Total Security Gateway. = To set vacation, Out-Of-Office, or away messages, send an email to lists...@amadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist n

Re: [FW-1] StoneBeat and Checkpoint NGX

Hi, StoneBeat FC 3.0 SP4 with some new license supports NGX (R60). R65 is supported on Solaris 9 with SP5... You'll start to find that supported platforms WIN/LIN are deprecated Why don't you try ClusterXL ? Best regards, Pedro Boavida -Original Message- From: Mailin

[FW-1] SPLAT 2.6 and MPTSAS

31 d2 <81> 38 55 47 4f 4c 75 06 89 d0 83 c4 08 c3 f6 05 c3 29 08 fa 01 EIP: [] fwloghandle_sanity+0x9/0x70 [fwmod] SS:ESP 0068:b7e219d0 <0>Kernel panic - not syncing: Fatal exception in interrupt <0>Rebooting in 15 seconds..S Best regards, Pedro Boavi

Re: [FW-1] Integrity secureclient query

etween the policy defined on Integrity Server and the Policy Server. Best regards, Pedro Boavida -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of john maverick Sent: quarta-feira, 2 de Janeiro de 2008 3:29 To: FW-1-M

Re: [FW-1] Provider-1 and NAT

) ack 1460 win 8576 (DF) 09:41:10.978540 10.1.1.140.1691 > 10.250.97.9.18190: . ack 4224 win 64478 (DF) 09:41:12.150286 10.1.1.140.1691 > 10.250.97.9.18190: R 1460:1460(0) ack 4224 win 0 (DF) as you can see the in the tcpdump, host MDG 10.1.1.140 is the one actually sent the Reset. Anymore ideas? T

Re: [FW-1] Provider-1 and NAT

Are you sure that port 18190 still the only to be used in such communication ? Could you run a tcpdump on the MDG client side ? Regards, PB De: Mailing list for discussion of Firewall-1 em nome de Hugo van der Kooij Enviada: ter 13-11-2007 22:40 Para: FW-1-

[FW-1] Remote HFA installation

ion. Best regards, Pedro Boavida = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe

[FW-1] FW-1 is blocking traffic on accepted rules

happen few minutes after policy installation, but it's weird because it only affects some of the traffic, not all. Reinstalling again stops the problem. This is an environment where SmartCenter and Log Server are within P-1 (CMA and CLM). Does anyone experienced this before? Best regards,

[FW-1] Integrity compliance rules

t find any. Best regards, Pedro Boavida

Re: [FW-1] Question about Floodgate

Hi, Did you checked wich interface has QoS at the network topology ? Best regards, -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of cisco4ng Sent: terça-feira, 4 de Setembro de 2007 15:59 To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOIN

Re: [FW-1] Lea_Client issue

Hi, I found the solution for this problem and it was installing database into the CLM. Just for future reference... Best regards, Pedro Boavida -Mensagem original- De: Mailing list for discussion of Firewall-1 em nome de Pedro Boavida Enviada: seg 9/3

Re: [FW-1] Management high availability and database revision control

Hi, I believe the revision controls will only be available on the secondary management after saving/installing that policy package. Best regards, Pedro Boavida -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of No Name Available

[FW-1] Lea_Client issue

mm is not connected/Unable to connect (pre = 0) [ [EMAIL PROTECTED] COM 71168 got signal 131075 [ [EMAIL PROTECTED] destroying comm 71168 [ [EMAIL PROTECTED] Destroying comm 71168 with 1 active sessions [ [EMAIL PROTECTED] Destroying session 3 (ent=71078) reason=SIC_FAILURE (...) Best regards,

Re: [FW-1] VRRP traffic not showing up in Smartview Tracker log

regards, Pedro Boavida -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Hugo van der Kooij Sent: quarta-feira, 9 de Maio de 2007 7:01 To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] VRRP traffic not showing up in

Re: [FW-1] R60 to R65 migration problems

was affected by that NAT. Best regards, Pedro Boavida -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Sergio Alvarez Sent: sábado, 5 de Maio de 2007 4:00 To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] R60 to

[FW-1] Integrity Endpoint removal

Hi, Is it possible to remove an endpoint from the Integrity Server 6.5 ? Suppose that once a given laptop had integrity client and somewhere in time that laptop has gone or was formatted. I'd like to simply remove that endpoint from the Integrity Server database. Best regards, Pedro Boavida

[FW-1] SmartCenter to CMA

, is it possible ? I dont think so but has anyone did it ? I know cpmerge is not supported in P-1, and also I'm avoiding to use offiler objectdumper. Any Ideas ? Regards Pedro Boavida = To set vacation, Out-Of-Office, or away messages, send an

[FW-1] Another VPN issue wiht secureRemote

point returns all of its interfaces, but none corresponds to the one I'm contacting with, wich is a problem. Is there a workaround ? Best regards, Pedro Boavida = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECT

[FW-1] Provider-1 Cpstat_Monitor

e/all CMAs ? Otherwise I will not get the usual alerts. Thanks in advance, Pedro Boavida

Re: [FW-1] telnet timeout : tcp packet out of state

Hi, Is the telnet the only service you have defined for tcp/23 ? Once the tcp session is established, I believe there are no different timeouts for each kind of subsequent packet. Best regards, PB -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTE

Re: [FW-1] dbedit

. ciao >From: Pedro Boavida <[EMAIL PROTECTED]> >Reply-To: Mailing list for discussion of Firewall-1 > >To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM >Subject: Re: [FW-1] dbedit >Date: Wed, 21 Feb 2007 16:03:52 - > >Hi, > >I wouldn&

[FW-1] HA sync problem on NG FP2

Hi, I have a (hot-standby) cluster of firewalls running Checkpoint NG FP2 on Solaris with Sync only. The cluster part is done by a third party software. In cpconfig the cluster xl/state sync is activated and when I run "cpstat ha" I get the following output: Product name: High Availability Versio

Re: [FW-1] dbedit

th gui nor with dbedit. Best regards, Pedro Boavida -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Paolo Riviello www.paoloriviello.com Sent: quarta-feira, 21 de Fevereiro de 2007 11:32 To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.C

Re: [FW-1] dbedit

Sun SPARC Solaris 8 -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Mark Elsen Sent: quarta-feira, 21 de Fevereiro de 2007 11:14 To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] dbedit > Hi, > > I've a strange er

[FW-1] dbedit

wing error: "T_event_mainloop_iter: select() failed: bad file number." Any ideas ? Thanks in advance, Pedro Boavida = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add:

Re: [FW-1] Integrity Client installation issue

ailto:[EMAIL PROTECTED] On Behalf Of Pedro Boavida Sent: segunda-feira, 5 de Fevereiro de 2007 9:56 To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: [FW-1] Integrity Client installation issue Hi, I've configured a package in IAS 6.5 (choosed a few options and added the license) but whe

[FW-1] Integrity Client installation issue

RODUCTMODE" Does anyone knows what could be happening ? TIA, Pedro Boavida = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mai

[FW-1] LEA_CLIENT

en through this ? Best regards, Pedro Boavida

[FW-1] P1 and SecureClient

a way to avoid this behavior? I mean, a way to preserve the ICA for a given SmartCenter? Best regards, Pedro Boavida = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mai

Re: [FW-1] NAT Hide Failure

at will consume multiple entries per client in you table. It seems that you reached that limit. I believe you have two options: - Reduce the TCP timeouts, in order to release resources more quickly; or - Use a pool of public IP addresses to hide your internal connections. Best regards, Pedro Boavida

Re: [FW-1] AW: [FW-1] SBFC Cluster SSL Error

somewhere under the (...)/etc folder. Best regards, Pedro Boavida -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Christoph Dollt Sent: quarta-feira, 25 de Outubro de 2006 8:22 To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subj

[FW-1] Checkpoint users and passwords

Hi, Is it possible to migrate local Checkpoint's usernames/passwords to a directory service or radius db? Or it's only "portable" between CheckPoint SmartCenters? Best regards, Pedro Boavida = To set vacation, Out-Of-Offi

Re: [FW-1] Splat+Dell PE2950+Intel QuadPort 10/100/100 Card

Hi, I had to install HFA-04 for NGX R60 in order to have that particular Network Card working. SPLAT R62 is more recent than HFA-04 for R60, so I believe it would work. Best regards, Pedro Boavida -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL

Re: [FW-1] Intel Pro/1000 PT?

Hi, What's the SPLAT version you're running? I had some problems with another Intel NIC that was *only* solved with HFA04 for NGX R60. Best regards, Pedro Boavida -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Will

Re: [FW-1] SecureClient

Hi, Try to use the UDP encapsulation setting. Best regards, Pedro Boavida -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Alvaro Gastambide Sent: terça-feira, 17 de Outubro de 2006 15:21 To: FW-1-MAILINGLIST

Re: [FW-1] High Availability VRRP Outgoing traffic behavior

Hi, This is a very common scenario when you want to have vrrp and state sync. In such scenario ClusterXL is only used for state synchronization. Best regards, Pedro Boavida -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Lino

[FW-1] High Availability VRRP Outgoing traffic behavior

n all interfaces? Is there a configuration per interface? Thanks in advance. Pedro Boavida = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-

Re: [FW-1] NGX VPN Remote Access

-1 NGX using a client other than securemote/secure client >or Nokia clients? >In other words, does anyone ever tried to set a VPN remote access with >CheckPoint VPN-1 NGX using another IPSec gateway? I'd like to try this >because site-to-site VPN is not working in my particul

[FW-1] NGX VPN Remote Access

ke to try this because site-to-site VPN is not working in my particular environment. Best regards, Pedro Boavida = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailin

Re: [FW-1] Site-to-Site VPN behind NAT

the VPN-1. That's why I supposed that the replies are not encrypted and sent back by the VPN-1. It might be missing some key/SA for that traffic direction. Best regards, Pedro Boavida Systems Engineer -Mensagem original- De: Mailing list for discussion of Firewall-1 [mailto:[EMAIL

[FW-1] Site-to-Site VPN behind NAT

in the status. So, I am wondering if it's possible to have a VPN where one of the gateways is behind a NAT device. Best regards, Pedro Boavida Systems Engineer = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL P

[FW-1] Site-to-Site VPN between CheckPoint NGX R60 and Interoperable device using certificates

ode #3. Have anyone been through this ? Best regards, Pedro Boavida Systems Engineer = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-

Re: [FW-1] Radius/NT Groups

Hi, The problem is when I try to make a rule where a certain group of users (RAD_) that authenticate on radius server. Which doesn't work at all Even with those settings that turning true that attribute, etc.... Pedro Boavida = T

[FW-1] Radius/NT Groups

Hi, Is there workaround for authentication with radius/nt domain groups, since its not currently functional ? TIA, Pedro Boavida = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add

[FW-1] SecureClient Logs

Hi, I'd like to export the logs from SecureClient (FP3) since they are stored in binary format. I've searched secure knowledge, the lists, but I found no way to do it. The SmartView Tracker cannot open that format too. How can I do this ? Thanks in advance, Ped