RE: [FW1] Firewall-1 sync problems

2001-05-05 Thread Frank Darden
You don't need to specify the LICENSED interface. This is incorrect. Use the interface that you want the sync to happen on. Make sure you specify BOTH interfaces in your putkey command, e.g.: fw putkey my.local.ip.interface remote.firewall.interface and do this on both firewalls.

Re: [FW1] Auth with RADIUS is not working

2001-05-05 Thread Aylton Souza, CISSP
Just for curiosity: Does your shared secret contain one of the following chars: !@#$%^&*()_+-={}[]\|`~ ? - Original Message - From: "Hans-Joachim Hoetger" <[EMAIL PROTECTED]> To: "fw-1 Mailinglist" <[EMAIL PROTECTED]> Sent: Friday, May 04, 2001 10:23 AM Subject: [FW1] Auth with RADIUS

RE: [FW1] Should the use of 'any' be avoided where possible?

2001-05-05 Thread Stafford, Todd
Carl, Another reason why it's dangerous to allow ICMP to all of your hosts is because it allows for the use of a ping sweep to determine the addresses of devices behind your firewall. Once that has been determined, a hacker can then begin banging away looking for additional weaknesses. Noel T.

RE: [FW1] Problem with Websense & Checkpoint

2001-05-05 Thread Hubbard, Dan
Yes we have seen this. In most cases it is the HTTP security server that is causing the Firewall to slow down. Do you see the in.ahttpd daemon taking lots of CPU resources on your Firewall? If so, then the sec. server is most likely the issu

Re: [FW1] whether there is a VPN module is include in our checkpoint?

2001-05-05 Thread Aylton Souza, CISSP
Just remember: Beside the fact that your installation supports VPN (because its build - DES + STRONG) you need the license for that. ;-) Best wishes Aylton - Original Message - From: "Matthias Leu" <[EMAIL PROTECTED]> To: "Sim, CT (Chee Tong)" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]>

[FW1] active log on Alcatel omniswitch

2001-05-05 Thread Maertens Jochen (JMRT)
Hi there, We've got 3 embedded firewalls running on Alcatel omniswitches. We use a NT 4.0 SP6a with fw 4.1 for enterprise management. Everything works except the active log which remains empty. Any ideas guys or girls? Jochen

RE: [FW1] FW-1 Intrusion Detection.

2001-05-05 Thread Zeltser, Roman
RE: [FW1] NT Domain Regsitration through FIrewall-1 http://www.rtek2000.com/Tech/InternetSecureLinks.html#ids   = Best, Roman M. Zeltser RS Information Systems, Inc. 410-966-6192 NCC, DNE *** Securing your retirement money from ha

RE: [FW1] Logging FW-1 Policy Editor Changes

2001-05-05 Thread Zeltser, Roman
Look here for a list of the tools: http://www.rtek2000.com/Tech/InternetSecureLinks.html#report The index list contains the links that are related to multiple issues we meet every day (Intrusion Detection, protocols, reporting, viruses, performance, filters, certifications, hacking, tools, , HA/

Re: [FW1] how to know we are at unlimited user license?

2001-05-05 Thread Aylton Souza, CISSP
fw printlic shows the current licenses installed in your system - Original Message - From: "David Gollop" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, May 04, 2001 3:53 AM Subject: [FW1] how to know we are at unlimited user license? > > > how to know we are at unlimited user

Re: [FW1] Problem with Websense & Checkpoint

2001-05-05 Thread Network Security
Larry Milliken, USLEC wrote: > Currently having a problem with Websense v3.1 & Checkpoint Fw4.1/SP2 > The Websense is on a NT4 box, the FW4.1 is on Solaris (Both OS with latest > patches/ServicePacks) > > Over a period of a couple of days I begin to lose resources on the Unix box > to the point

RE: [FW1] 2 FW interfaces on same network for redundancy?

2001-05-05 Thread Juppunov, George
You'll need to set up a trunk. I'm not sure if you can trunk any number of interfaces, but you can research that. There are some conventions and guidelines regarding setting up trunks on Solaris that you can get from sun.com. Also, your network people will need to set up a channel on the switches

[FW1] Encryption types on VPN tab.

2001-05-05 Thread Dave Dunaway (ncc0296)
Hey folks, I was about to set up a VPN on a new firewall I just built when I noticed that the VPN tab shows no available encryption schemes. I press 'edit' and it just sits there. The firewalls are Nokia boxes. I need to add ISAKMP/Oakley...how do I add it? Thanks. -- Dave Dunaway [[EMAIL

[FW1] in.asmtpd does not work

2001-05-05 Thread Naresh
Hi, I am trying to set up smtp security server on FW1- ver 4.1 build 41813. I have set up SMTP resource and installed policy. When I telnet on port 25, the connection is ESTABLISHED and in.asmtpd starts. It remains in this state however for long time and then times out. I don't see any wel

Re: [FW1] SecuRemote, DHCP and IP POOL

2001-05-05 Thread Aylton Souza, CISSP
Fabio, You CAN have DNS or WINS set to an internal resource. Take a look on the public config. docs at CP's site or Phoneboy. This is called the SR split DNS configuration. It works fine and there's no need to set an internal DHCP since VPN-1 itself will take care of the IP assignment using I

Re: [FW1] Logging FW-1 Policy Editor Changes

2001-05-05 Thread Paul . Simons
CheckPoint FW-NG (version 5?) will do this. http://www.checkpoint.com/products/ng/ngmi.html C. Paul Simons Corporate Network Security Services IHS Energy Group, Englewood, CO. Main: +1 303 736 3000 Dir

RE: [FW1] Automatic NAT Sucks?

2001-05-05 Thread Harjot Sekhon
Hi Paul, I avoid using automatic NAT as they are more trouble than worth. I always use static NAT whenever possible. 2 reasons: - more control - static nat does not get allocated to all policies unlike automatic

[FW1] Real Secure

2001-05-05 Thread Marcello
Hi World. In Real Secure there are any way that I can view the log, as I can see in FW-1. There are a .mdb file with all logs. In the documentation there are a Log Viewer like in FW but I don't find it. I'm using the trial version 5.0. Regards. Marcello

RE: [FW1] Automatic NAT Sucks?

2001-05-05 Thread bfuller
I would say for all new users, it serves its purpose well. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Paul Murphy Sent: Friday, May 04, 2001 6:06 AM To: [EMAIL PROTECTED] Subject: [FW1] Automatic NAT Sucks? Personally, I don't like the use of a

RE: [FW1] StoneBeat and 3Com Problem

2001-05-05 Thread Juppunov, George
You need to setup a CAM entry in your switches that binds the two firewall ports together. I.e. you need to turn the switch into a hub, as far as these two ports are concerned. On your router, you also want to bind the MAC multicast to the VIP of the complex. Make sure you do that for each inter

RE: [FW1] fw_xlate_forw Error on FW-1

2001-05-05 Thread Alex . Barenbaum
I was only able to find the following article that I thought was close: allocate_port: could not find a free port Unfortunately, this is not the exact issue that we are experiencing. If there's another article that may apply, but I haven't found it, I'd really appreciate it if you would forward

RE: [FW1] Faq?

2001-05-05 Thread Zeltser, Roman
Additionally, http://www.rtek2000.com/Tech/InternetSecureLinks.html#faq The index list contains the links that are related to multiple issues we meet every day (Intrusion Detection, protocols, reporting, viruses, performance, filters, certifications, hacking, tools, , HA/Load Balancing, FW lists

[FW1] secure remote

2001-05-05 Thread Caroline Lario
I am having a problem since I installed secure remote on my laptop running windows ME. I have installed build 4176. I was testing connecting through my network card which goes through a cable modem which I know doesn't always work. When the connection failed I tried to connect to things outside

RE: [FW1] Why should the firewall be the NAT boundery?

2001-05-05 Thread Harjot Sekhon
Hi Paul, Clarification, you are trying to VPN into your internal network via the firewall with SecuRemote. If so, then the firewall needs an official IP on the external segment. Does the external router perform static NAT or dynamic NAT for the firewall? What VPN encryption scheme are

[FW1] RE: Check Point certification

2001-05-05 Thread Scott Schindler
This is a long message. Please read it only if certification and training are important to you. As the manager of multiple Check Point ATCs this line of discussion is near and dear to me. I am hoping that I am speaking for all the CP trainers. I could only be so lucky. All of us in the

Re: [FW1] Strange message after installing FW-1 SP3

2001-05-05 Thread Chris F
Greg, Thanks for the post. I guess I'm CP screwed as when I requested a CP2000 CD, my reseller said "Sorry -- we don't have anymore". What? Software subscription is just a term :( Thanks for sharing with the list :) -- Chris --- Greg Winkler <[EMAIL PROTECTED]> wrote: > > It's a problem wit

[FW1] Harding Sun OS

2001-05-05 Thread Robert N. Correa
Group, First time installing Checkpoint on Solaris 2.8 and had a couple of questions on hardening the OS. I used the "how to strip down Unix" doc which consists of about 60 steps from checkpoint and Sun security patches. I was wondering is there anything I need to do to the kernel before instal

RE: [FW1] 4.1 SP1 version of the GUI client

2001-05-05 Thread Steve Moran
It should be on the same disk that you installed CPFW from. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 03, 2001 2:01 PM To: [EMAIL PROTECTED] Subject: [FW1] 4.1 SP1 version of the GUI client How can I get the 4.1 SP1 version of the GUI

[FW1] Hybrid Mode

2001-05-05 Thread Dany_Grenier
Can you tell me where can I see if the Hybrid Mode is selected? It's supposed to be in the IKE properties but I don't find it! Thanks

RE: [FW1] Strange message after installing FW-1 SP3

2001-05-05 Thread Chris F
I don't have any problems that are associated with that error -- since any issues I have, I have had them since v.4.0 SPx Do you have CP support where you could ask CP? Thanks -- Chris --- Nils Kolstein <[EMAIL PROTECTED]> wrote: > Ah well, I'm glad I'm not the only one.. What are > the sympto

RE: [FW1] Should the use of 'any' be avoided where possible?

2001-05-05 Thread Scott Schindler
Using 'any' is not a problem. However as was stated try to restrict unnecessary traffic. Always restrict access to what is 'truly' necessary. As far as ICMP. Simply create a rule that lets your users use icmp requests and let the Internet get to your network with icmp replies. Yes people