cisco4ng wrote:
Hi all,
I am trying to understand the difference between running Checkpoint NGx R65
on IBM 3650 (Intel platform) versuses Sun X4200-M2 (AMD opteron) platform.
IBM 3650 is dual quad-core processors and Sun X4200-M2 is dual dual-core
AMD.
as you might know, AMD kind of screwed u
Fischer, Andreas wrote:
sin schrieb:
Current SPLAT does not support interface bonding, but CP is thinking
about supporting this feature sometime in the future (as the
guy from CP
that I talked to still has issues understanding why sticking
10Gbe cards
in a firewall is not always an option
said before, it's not an OS issue and your best bet would be the
controller documentation.
sin.
Scanned by Check Point Total Security Gateway.
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BO
carlopmart wrote:
Hi all,
After doing some tests with Connectra over 30 days I am very happy with
the product, but I have one question that I need to know after
implementing Connectra infraestructure on a production enviroment.
Supose that I haven't IDS/IPS on my network. How subsceptible is
cisco4ng wrote:
Anyone working with Dell Server 2950-III know how
the RAID-1 mirror works. Apparently, it did not work
the way I expected it to work.
I think this is something you need to discuss with Dell support.
Scanned by Check Point Total Security Gateway.
===
Richard F. Hart II wrote:
All,
Anyone using or familiar with any of the Ndurant Checkpoint Appliances? I am
just doing some research and would like to know how they compare to
Checkpoint Appliances, Dell servers, etc.
Thank you,
Richard
If they run Linux, they should have about the same perfor
Hugo van der Kooij wrote:
Or insert 10 Gb/s cards. Or bundle multiple Gb/s cards into a logical
interface. But I have not even searched to read if you can do that. Not
with SPLAT I guess.
Current SPLAT does not support interface bonding, but CP is thinking
about supporting this feature someti
Jan Egeriis wrote:
2008/4/29 sin <[EMAIL PROTECTED]>:
if you are unable to do a functionality upgrade to R65, you can install
RHEL3 or CentOS 3 and migrate to that. CentOS 3 supports the e1000 driver.
Thanks for your suggestion.
I have upgraded to R55 HFA_20, but it did not help.
Jan Egeriis wrote:
Hi,
I have a firewall running Check Point SecurePlatform NG with
Application Intelligence R54 build 142.
Currently it is using Intel e100 NICs.
Everything works fine, but I would like more speed.
I have bought new Intel Pro/1000 GT Desktop adapters.
I can't load the e1000 dri
pkc_mls wrote:
yes. beside the model number.
let's say you purchased a utm1 450 last year, and wish to set up an ha
or cluster.
if you purchase another utm1 450 this year, would you have the same
hardware inside ?
probably yes, because all vendors do stock up hardware for a lot of
time. but
pkc_mls wrote:
Hi all,
Does anyone know if there are different hardware releases for Utm1
devices ?
(or different part numbers, or anything else that could indicate the
hardware
can be different between two utm1 devices).
besides the model numbers ?
Is there a way to get the partnumber
Sergio Alvarez wrote:
Hello,
I have this customer who has everything running SPLAT R62 (multiple gateways
and a SmartCenter also running Eventia Reporter), recently he noticed a
message saying there was no active consolidation session on the Reporter, so
he tried to start the current one and it
cisco4ng wrote:
"are there any restrictions like :
could an ngx r65 smartcenter 2.4 manage a 2.6 gateway ?"
I have a ticket opened with our Security Provider for this exact scenario. I
will
post the response when I receive an answer from the vendor
I have a feeling it's gonna work without i
pkc_mls wrote:
David S. Barker a écrit :
If you're trying to do routing table lookups by source address, you
can use the ip rule command.
This is similar to route maps on Cisco routers.
this could be quite interesting.
but is it supported ?
officially no.
is there such a feature inclu
Torkel Mathisen wrote:
-Original Message-
From: Mailing list for discussion of Firewall-1 [mailto:FW-1-
[EMAIL PROTECTED] On Behalf Of pkc_mls
There is a cpclean utility available from checkpoint.
I assume there should be a secureplatform/linux version that will
perform the required task
Hugo van der Kooij wrote:
I can not give an authorative answer here. But the info I have makes it
unlikely they will add such a feature.
Right now I'm in Prague at the CP experience conference and I'll ask
thyem what's their official position on advanced PBR, many to few nat
(M:N), VSX roadm
e2/rt_tables
ip rule add from x.x.x.x/24 to y.y.y.y/24 table table1
ip route add default via q.q.q.q table table1
Linux won't do recursive IP prefix lookups to find out wheer to send
packets, or to say so: you can't route packets to an indirect next-hop
by just pointing a route at it (
Jim Johnson wrote:
I'm going to need to NAT some GRE traffic though a VPN-1 Edge and a R65
firewall. No VPN, just a simple NAT. I assume static one-to-one NAT will
work. Any chance hide nat will work? Any issues to be aware of, especially
with the Edge?
you will probably need to get an upd
Crist Clark wrote:
Do you really mean source routing? That is, using IP options
to specify the gateways through which a packet should or
must pass, depending on whether you do strict or loose
source routing. I believe FW-1 drops packets with IP options
by default, but that that is configurable t
Rufener [US], Robby E. wrote:
Does anyone know if you can manage an R55 firewall from a management
station running R65?
yes, you can.
Scanned by Check Point Total Security Gateway.
=
To set vacation, Out-Of-Office, or away messages,
send an em
cisco4ng wrote:
Can someone help me with this issue?
I remembered having this conversation with both Nokia
and Checkpoint engineers when we rolled out Checkpoint
NG Feature Pack 3 on Nokia platforms. I recalled
that both engineers Checkpoint and Nokia told me
that the "SYNC" interface mu
Giacomo Fazio wrote:
Hi,
it is possible to disable SmartDefense for a set of internal IP addresses?
only for p2p apps, otherwise it's all or almost nothing.
Scanned by Check Point Total Security Gateway.
=
To set vacation, Out-Of-Office, or away
Hugo van der Kooij wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
sin wrote:
| Jubei Trippataka wrote:
|> The point is that ps wont show the system CPU usage, so the first step
|> is to
|> determine whether the kernel is hogging the CPU or whether it's user
|> space
|>
processes by cpu usage (not ot
mention a lot more easier to read than vmstat output) and you can also
see if the system has to process a lot of interrupts.
sin.
Scanned by Check Point Total Security Gateway.
=
To set vacation, Out-Of-Offic
Bill Smith wrote:
Hi Guys,
Does anyone have any idea on how to config office mode for R65?
It is not the same as R61 anymore and I am confused.
are you sure ? it's the same from R60 onwards. it's even simmilar to R55.
Scanned by Check Point Total Security Gateway.
===
Mick Toothaker wrote:
So this shows up as a reply to an existing thread, and not a new thread,
even though it has a new Subject: line?
threads are not distinguished by what the subject lines look like.
Mick Toothaker
Scanned by Check Point Total Security Gateway.
cisco4ng wrote:
Hi Jeremy,
Yes, please keep me update on this issue. I will have to do this soon myself.
You said:
"The only thing Iwas informed about is that there is no direct supported
upgrade path
from 2.4 to 2.6"
What about taking CMA files from a MDS R65 2.4 kernel
Lars Troen wrote:
Anyone else seeing this? I'm using the latest SmartDefense signatures. I can
access it if I disable SSL enforcement, but that's not really an option I want
to use.
Lars
Number: 449851
Date:12Mar2008
Time:
The firewall management process crashes sometimes, usually upon exit
from policy editor.
Eventvwr shows :
cpWatchDog: [ERROR] Process FWM terminated abnormally
: Unhandled exception 0xc005 (EXCEPTION_ACCESS_VIOLATION).
Would there be any fixes for this ?
Yes, install SP
Soad Gmail wrote:
I tried with the file permissions but still is not working, I debug both
client and server
try to rename authorized_keys to authorized_keys2 and try again.
sin.
Scanned by Check Point Total Security Gateway.
=
To set vacation
u a cd and
maybe some hints about installing the software.
balbbering here "why??? why oh, why, oh why???" it's not gonna help
you much.
sin.
Scanned by Check Point Total Security Gateway.
=
To set vacation, Out-Of-Offic
carlopmart wrote:
Thanks Paul, but i can't download any checkpoint product to test. Always
I receive this error: "Insufficient Privileges for this File" ...
order a free mediakit or contact your local checkpoint representative to
give you an evaluation kit.
Scanned by Check Point Total Secur
Giacomo Fazio wrote:
I tryied a lot of hardware solution. But SPLAT was unable to boot from
Hardware RAID Configuration.
I tryied a lot of SATA RAID Controller,SCSI Controller. SPLAT never
booted...
The onlly message : Loading
do you have a serial port enabled on those machines ? :)
i
Giacomo Fazio wrote:
Hello,
i m trying to activate the RAID1 disk configuration in SPLAT.
I m using the mdadm tool and then setting the right GRUB booting.
Giacomo
checkpoint official position is:
"we consider software raid to be unreliable and therefore we do not
support it". (even though i
Reinhard Stich wrote:
hi,
it starts with R60 that the load on _all_ linux based systems/appliances
is 1.0 if you have a checkpoint module running.
that's actually a bug in procps from rhel 3 on which cp splat is based.
Scanned by Check Point Total Security Gateway.
===
Edouard Zorrilla wrote:
Sir,
Do I need to use dos2unix commands over all the files of upgrade_export
performed on a windows machine ?
no.
Scanned by Check Point Total Security Gateway.
=
To set vacation, Out-Of-Office, or away messages,
send a
Edouard Zorrilla wrote:
Hello,
Any ideas how to change a SmartCenter R65 from Windows to SecurePlatform. ? I
understood that I can not do that using export/import tool since if I perform
the export I need to use a import over the same platform, can I ?
use upgrade_export on the windows SC an
Lari Luoma wrote:
Hi,
What is the file where the static routes are stored in IPSO? I'm just wondering
whether there is any way to export them in a file...
look in /config/active file.
Scanned by Check Point Total Security Gateway.
=
To set vac
pkc_mls wrote:
Hi all,
is there a way to disable stateful inspection only between two subnets ?
the goal is to allow asymetric routing when the incoming router is not
the firewall.
I know the best option is to fix the routing, but is there a workaround ?
unless something changed in the last
Tom Louis wrote:
I have finally filled up out 800 Gig of disc on my Log
server and was curious as to what people are doing for
archiving these files.
rotate them and move them to a backup device :)
Scanned by Check Point Total Security Gateway.
===
cisco4ng wrote:
That's what I was told by TAC: "if you can NOT read the cpinfo output file with
infoview/p-1_infoview, neither can we"
other than ask them for a fix for your cpinfo issue i don't know what
else could you do.
=
To set vacation, O
also, make sure that you're using the latest cpinfo utility.
sin.
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
Miguel Nuno Cardoso Fernandes Ferreira wrote:
Is there any way on configuring the VPN tab to appear (on R60 and R65)?
Edit the properties of the firewall object and check the VPN checkbox
then click ok and after that the VPN tab should appear.
Scanned by Check Point Total Security Gateway
carlopmart wrote:
Thanks Sergio. But in this link doesn't appears any x64 bits platform. I
need to install an enforcement module (RHEL3 x86_64) and a Smartcenter
server (RHEL4 x86_64).
Can I do this?? I haven't found any reference on secureknowledge about
this ...
so far only solaris is a s
Sidney Boumendil wrote:
Securemote doesn't offer Office mode.
I have setup office mode with only securemote for customers in the past
and worked fine (with NGX).
Scanned by Check Point Total Security Gateway.
=
To set vacation, Out-Of-Office
pkc_mls wrote:
No Name Available a écrit :
Hi All
I have just built a nokia vrrp cluster running r61 hfa002.? Do I need
to put any extra licenses for secure remote remote access clients or
secure remote doesn't need extar licenses.
__
securemote/secureclient requires a specific l
m.a.t.e.o wrote:
Anybody knows how can i do to configure the SNMP daemon (version,
community..etc) in my firewall?
I´ve NG_AI R55 installed on Solaris 9
I´ve enabled the "SNMP Extension" in the "cpconfig" menu, but i dont find
the others options like community, version, OID...etc
you need to ha
Alex Hayes wrote:
I have severals messages of:
TCP packet out of state: First packet isn't SYN; tcp_flags: RST
TCP packet out of state: First packet isn't SYN; tcp_flags: RST
TCP packet out of state: First packet isn't SYN; tcp_flags: RST
TCP packet out of state: First packet isn't SYN; tcp_flag
Chris van der Merwe wrote:
Hi Guys,
I am working with a Standard Traditional rulebase. I want to now add QoS rules to
this base. What is the best way to approach this? I have gone the route from the
SmartCenter of File -> New and then choosing a QoS policy and then I have
choice between Expre
Roberto Lauriola wrote:
Ok with the upgrade_export on the Windows 2003 Server machine with NGX
R60 HFA2.
But when I run upgrade_import on the SPLAT R65 the process stop with
this error:
>ReadDataFromConfigFile: Error >> SetInsalledPlugins failed,
configuration file had no Plugins record
>CC
Roberto Lauriola wrote:
Hi all,
I'm planning to upgrade my Firewall from NGX R60 to R65. The R60 is
installed on a IBM PC with Windows 2003 Server, the new machine is a HP
ML350 Server with Secure Platform R65 installed without problem.
My intention is to mantain the security policy as they ar
Jeff Nagel wrote:
Our ISP is giving us a new subnet for our network which will require us
to re-ip our firewall external interface. My question is, do I have to
wait until the day of the actual cutover to generate a new license file
with the new ip address or is this something I can do ahead
Ray wrote:
Nah, the two grand is for understanding multi-core processors. The 2.6 kernel version is "free." The "Messaging security" one is for anti-spam.
Hehe, yeah, like they need to reinvent SMP or something :))
=
To set vacation, Out-Of-Offic
Ray wrote:
That one is so new I don't even know if there is a license price yet.
yeah, another 2000usd for bringing the cp kernel from the stoneage to
the modern times at a 2.6 kernel version :))
=
To set vacation, Out-Of-Office, or away messag
- output_file
cpinfo (I:0111):Done
# ls -lh output_file
-rw-r--r--1 root root 44M Nov 22 02:04 output_file
hth,
sin
Scanned by Check Point Total Security Gateway.
=
To set vacation, Out-Of-Office, or away messages,
send an
cisco4ng wrote:
can someone explain to me why my upgrade_export is not working?
dca-Nokia[admin]# fw ver
This is Check Point VPN-1(TM) & FireWall-1(R) NGX (R65) HFA_02, Hotfix 602 -
Build 006
dca-Nokia[admin]# cpstop
why do cpstop ?
cd $FWDIR/bin/upgrade_tools/
./upgrade_export myexpor
Clive Luk wrote:
Thanks Sin!
Is that really free? How can I get myself a copy? Can I set it up in my
NGXR60 cluster environment?
you already have it, just check the QoS properties on on the
modules/cluster and then add your rules in the QoS tab
sin wrote:
Scanned by Check Point VPN-1 UTM NGX R65 with Messaging Security
Am I the only one seeing this message on the list ?
Or is Check Point advertising their products now on the list ?
sin.
Scanned by Check Point VPN-1 UTM NGX R65 with Messaging Security
Clive Luk wrote:
Dear List,
I am wondering if checkpoint can handle bandwidth throttling. I am currently
running R60.
Yes, it's called Flood Gate in checkpoint and as of NGX is free of charge.
Scanned by Check Point VPN-1 UTM NGX R65 with Messaging Security
=
john maverick wrote:
Thanks and appreciate BUT really wanted to know HOW do we get to manage VPN
EDge all by itself without involving SMP
by using their web interface. it's pretty much point and click, nothing
complicated at all.
=
To set vacat
Bill Smith wrote:
Guys,
Does anyone know how to copy file to SPLAT?
Tried ssh and got connection refused.
Same as winscp
enable scp in sshd_config and it's gonna work.
sin
=
To set vacation, Out-Of-Office, or away messages,
send an ema
No Name Available wrote:
Thanks Reinhard, If I change the ip address in user.c file via script
this should work? Right. Do I need to restart any services / processes
etc.
Stop SecuRemote/SecureClient, modify the file, start
SecuRemote/SecureClient.
sin
Gary Scott wrote:
Hey guys, anyone been successful in getting HFA-02 for R65 installed?
Had a win 2003 SCS that would not let me in to the gui after applying
this hfa, "make sure server is up and running". No time to trouble shoot
so a scratch install was performed and the hfa left off. Trying to
; in the /etc/rc.local file so
that gets executed after the machine boots up (the sleep is pur there to
ensure the policy has finished loading the initial policy before
removing it).
or, if you wann be hardcore: read the pdf linked from #sk21436 and
create your own custom
Reinhard Stich wrote:
hi,
performance-pack accelerates VPN and network throughput (at NIC level).
coreXL accelerates traffic that needs lot of CPU - for example smartdefense.
You will have more fwd-processes.
a, I get it now. thanks for clarifying this.
Edison Aguayo B. wrote:
I have read some documents in secureknowledge that talks about
- increase the number of http security servers (actually -4 in both modules)
- change MSS to 1460 (actually 1024 in both modules)
- use UFP caching control --> VPN1 Pro/Express (one request)
we have som
Reinhard Stich wrote:
At 18:38 26.10.2007, you wrote:
Reinhard Stich wrote:
hi, coreXL is not part of r65 but there is a r65 based beta of core
XL available
What is supposed coreXL to do ?
loadsharing between CPUs / cores.
means:
take real advantage of multi-cpu- or multi-core-hardware.
-
Reinhard Stich wrote:
hi,
coreXL is not part of r65 but there is a r65 based beta of core XL available
What is supposed coreXL to do ?
sin.
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of
carlopmart wrote:
I have do it but antispoofing messages appears ...
i'm using cp on an centos 3 and after I defined my vlan interfaces, I
just did a get interfaces with topolgy and the vlan interfaces appear in
the topology tab.
I linux, in order for the vlan trunks to work, also the base
Robby Cauwerts wrote:
On 10/24/07, Hugo van der Kooij <[EMAIL PROTECTED]> wrote:
Given the choice between SSL VPN and IPSEC VPN I will choose IPSEC 8
days of the week.
Hugo.
Why?
I only see benefits when using SSL VPN's instead of IPSEC VPN's, as
discussed over and over:
- (depending on th
carlopmart wrote:
Hi all,
Somebody knows if exists some plan or roadmap to release a NGX version
for rhel4 or rhel5?? or beta program ...
a CP tech guy that I met a while ago in Warsaw said that maybe next year
they'll release a version for 2.6 kernel series.
afaik there is no public plan
Pedro Boavida wrote:
Hi,
I need to remote install HFA_05 on NGX R60 (crossbeam platform: SmartCenter +
Gateway) but have no SmartUpdate license. Is it possible ?
I was wondering if stopping checkpoint with "cpstop -fwflag -proc" and then
running UnixInstallScript will work without breaking my
cisco4ng wrote:
It is easy for all of us to make recommendation without knowing all the facts.
I too is facing the dilema of going to R55 to NGx R61/R65. We are running
on Sun iForce platforms (intel not SPARC) and we are going to either to go
with
Sun new M2 platforms or Dell. Pro
cisco4ng wrote:
"In your previous emails you said that your customer is now at r55 hfa20
and the mssp will migrate this cma to r65 hfa01. this means you won't
have to do the migration yourself."
MSSP will do the migration from R55 hfa20 to R65 hfa01 BUT I have to
do a proof of concept t
cisco4ng wrote:
currently:
customer: CMA NG-AI R55 w/ hfa-20
MSSP: CMA NGx R65 with NO HFA
in about 2 weeks, MSSP will upgrade their P-1 to HFA_01.
the customer CMA will be migrate to NGx R65 with HFA_01 from R55.
This is what I will be dealing with:
customer: CMA NG-AI R55 w/ h
cisco4ng wrote:
This is what I have to deal with:
Source: CMA with R55 w/ HFA_20
Destination: CMA with R65 w/ HFA_01,
David DeSimone stated perfectly. By the time I am ready to do
a CMA migration from R55 to R65, the MSSP is already running R65
HFA_01. Therefore, I have to test the CMA mig
Alan Choyna wrote:
l have greatly appreciated everyones input on my question. It has been
very informative.
Whilst most of the usage will be browser based for our Windows, Mac &
Linux users, we also use SSL, DB management and Secure FTP software as
well Does this change the selection at all?
cisco4ng wrote:
I am referring to the fact that when I migrate a cma from R55 to R65 with
NO HFA, everything works. When I migrate a cma from R55 to R65
with HFA_01, it does NOT work. It seems to me that HFA_01 has
issues. I am just one of those many victims.
maybe you should try to i
Chris van der Merwe wrote:
Has anybody seen something similar before, or perhaps I can post some more
information if you suspect what I should look for?
try to get a managed switch and see if any packets leave from the NIC
when you ping other hosts on the network.
sin
Alan Choyna wrote:
Hey Guru's,
l don't want a flame contest or anything here, but am wondering which is
the better VPN over SSL solution, Checkpoint or Juniper?
We have checkpoint appliances so am wonder if checkpoints solution are
more integrated, and basically whether it holds a candle to
the latest CentOS or any newer version of RHEL? As far as I can tell, only RHEL
3 upd 5 is supported, right?
I'm running r65 on a inhouse built server for about the time it was
realased on CentOS 3 laster update (I do yum update from time to time on
it) and I don't have any issues
Thorsten Mandau wrote:
Hi,
< We noted that NAT rules were never matched. Then we found that groups
< and ranges get expanded for NAT rules.
I don't want to use these ip range objects in our NAT rules. We just need
them in our security rulebase. So, would there any problems using them in
the s
need to source the
file, e.g.:
#!/bin/sh
. /opt/CPshrd-R65/tmp/.CPprofile.sh
the rest of your script
sin
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist n
No Name Available wrote:
Thanks Sin,
What would be the effect of turning smart defence and webintelligence
services on services on on the gateways in terms of proc and mem
utilisation.
given the fact that turning that on will require taking a deep look at
how the protocol is respected and if
No Name Available wrote:
I am currently using r61 on my gateways which protect our website. I
don't have smart defense or web intelligence services turned on at the
moment. Recently I have seen increasing amount of DDoS attacks against
our site. I just wanted an advice on how effective it would
Ray wrote:
R60 & R62 six months ago, but not the centrally managed R62. Except for log reviews, there really wasn't much change in the environment. Probably the biggest issue we had was the limited anti-virus vendor support with Connectra. We had vendors using major vendors such as McAfee, but the
pkc_mls wrote:
Peter Addy a écrit :
Hi All
please help urgently, does anyone know how to retreive the expert
mode passord or reset this on a Secreplatofrm box, the box does not
have a cdrom drive and therefore cannot use the cd provided, and was
wondering is there any orher way at all???
Sergio Alvarez wrote:
Hello,
I have this customer who has a 3COM NBX on his network and would like for
the SecuRemote users to be able to use their softphones while on the road.
The problem is, for that to work, the clients must join an IGMP group using
their VPN connections and that off course,
Chris van der Merwe wrote:
Hi Guys,
I have a simple question. We have a ClusterXL - Load Sharing Add-on for VPN-1
cluster up to 500 users. We also have 2 licenses for the gateways: 1 x High
Availability VPN-1 Gateway and 1 x VPN-1 Express Gateway .
Why when I create the cluster in the SmartCe
Crist Clark wrote:
What's the word on the street (or official in the unlikely
event that it is available) when the next SecurePlatform
will be out? What distro will it be built on and what kernel
will it have?
some checkpoint devs say that maybe next year they use a 2.6 kernel so
the only two
David Glosser wrote:
- Or
Interesting Is there a performance hit in doing this?
depeding on amount of traffic you can get delays in web surfing.
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in th
cisco4ng wrote:
I have a question for gurus in this forum:
With Cisco Pix/ASA firewalls, with the right setting like this:
logging on
logging timestamp
logging facility 19
logging host inside 192.168.1.1
logging trap 6
With these settings, hosts from the internal network, when surfing the
inte
ut SPLAT just to get away with it very quickly, especially for
fire and forget type of installs at some customers.
sin
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
se
Hugo van der Kooij wrote:
On Sun, 2 Sep 2007, cisco4ng wrote:
I need an advice from folks who are expert with SPLAT.
How do you add another NIC into an existing firewall
without having to renumberring the interfaces? For
example, let say that I have 4 interfaces on the
SPLAT Enforcement Modu
Rick Osterberg wrote:
best option is to go with UTM-1 appliance. It has no user limit. All
you need extra is to move the license for secureclient (if you use
secure client and not securemote for remote access)
But the UTM Edge appliance can also be configured for no user limit,
correct?
My
Rick Osterberg wrote:
Is there anywhere that has a good comparison between the UTM-1, UTM Edge
and [EMAIL PROTECTED] product lines? There are plenty of comparisons among
different models in each line, but I can't find anything that compares
the entire lines to each other.
I've currently got
cisco4ng wrote:
> We have an option of upgrading to either NGx R60 with HFA_05,
NGx R61 with HFA_02 or NGx R65. We only use the firewalls
as firewalls, NO VPN whatsoever. We're also looking at using
some of the smartdefense and web intelligence capabilities in NGx.
By the way, we will not be u
cisco4ng wrote:
Thank you. However, this requires that I have to select "YES" when I run
sysconfig and have install checkpoint synchronization, correct?
wrong.
My question is that during the initial "sysconfig", I select "NO" when asked
about installing Checkpoint synchronization. Later on
Frank Sackewitz wrote:
Hi,
which Softphone you are using? I only got it running with Phoner
(http://www.phoner.de/index_en.htm).
i'm using a cheap hard phone made in china :)
The reason is that Checkpoint is doing NAT, even if you have told that you
did´nt want it. This feature is called "
te B I can open
the web interface of the phone, but SIP is being dropped and I'm
wondering if any of you came across this issue and how did you manage to
fix it ?
site A enforcement module is NGX R65, site B enforcement module is NGX
R60_HFA0
1 - 100 of 293 matches
Mail list logo