Unfortunately Thuy left out the most important addition to objects.c. In the
:props section add the following line:
:http_force_down_to_10 (true)
This will cause any HTTP 1.1 connections to be made as 1.0 connections.
Much easier than trying to disable it at the browser...
-Original Message--
Title: RE: [FW1] Advice on FW-1 performance with Trend VirusWall and eManager CVP
As Darrin said, you will want to load balance the CVP features using CVPM.
Information on this is available in the .pdf docs on the CD and in the CP
course and admin guide. Choice of operating system should b
Get the watchguard soho10 it works great. I use the tc model to connect
via ipsec to my corporate office from home. It cost about $600.
Good Luck
-Original Message-
From: John Kirby [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 08, 2001 5:02 PM
To: [EMAIL PROTECTED]
Subject:
I n
Tomasz,
Did you get a securemote license? It is free but you
still need to get it.
Yim
--- "Galazka, Tomasz (Telmax, Administrator)"
<[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> I have a problem with Securemote (4176 SP-3, DES)
> connection to my internal
> network through FW-1.
>
> I have just
The CheckPoint CD is 4.1 SP0.
Yim
--- Aaron Brasslett
<[EMAIL PROTECTED]> wrote:
>
> I have what seems to be a relatively simple question
> that I just cannot seem
> to figure out.
>
> I am planning to upgrade from my current level of
> FW-1 to the latest
> release. Phoneboy's site states tha
Hi All,
I am having some problem pls suggest me.
Is there any procedure to block the porno sites thru firewall or any other product to
do this job. If anybody knows some procedures, pls mail it to me.
Thanks in advance.
SG
Sounds like your encryption domain only includes your FW.
Chris
-Original Message-
From: Galazka, Tomasz (Telmax, Administrator) [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 08, 2001 2:10 AM
To: '[EMAIL PROTECTED]'
Subject: [FW1] Securemote connection problems
Hi,
I have a problem
Hi Jonny,
Manual IPSec in Checkpoint Firewall 4.1 SP3 is broken. Try using IKE or
FWZ for your encryption.
If you do use Manual IPSEC, right after the encryption on a packet errors,
you should see an IKE daemon error message.
Joe
-Original Message-
From: jonny robertson [mailto
Has anyone successfully implemented these two.
Hi,
I would like to set up an Internet connection using 2 links to the internet -
(maybe ISPs) with (maybe) 2x2MBit/s.
|--|
|--|
| ISP1| |ISP2 |
| |
Yeap, reason: unknown established TCP packet
> -Original Message-
> From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, May 08, 2001 11:35 PM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: [FW1] rule 0 problems after upgrade from v40 sp5 to v
You have asymmetric routing, but we need to know more about your clustering
solution.
George
-Original Message-
From: Fitzner Daniel [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 09, 2001 2:39 AM
To: FW1-MailingList (E-mail)
Subject: [FW1] Problem with connecting to a cluster
Hello
If it were me, I'd put the RealSecure box on the OUTSIDE, so it can watch
for malicious activity on the inbound packets.
My $0.02
Dan Guinn
NetStar Communications
-Original Message-
From: Eliot Irons [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 08, 2001 10:16 AM
To: [EMAIL PROTECTED]
I believe this is because you have to run the cpconfig or fwconfig utility,
whichever is in your bin directory.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
Rajesh
Sent: Tuesday, May 08, 2001 9:49 PM
To: [EMAIL PROTECTED]
Subject: [FW1] Firewall upgra
Hi,
I think www.fish.com/titan would be your best bet. It is from someone who
has been/is working for SUN.
By the way, could you pls send me: "how to strip down Unix".
--Joerg
-Original Message-
From: Robert N. Correa [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 4, 2001 17
Check through either sysctl -a or by viewing /etc/sysctl.conf to see if
you are allowing for the proper kernel module to issue answers to proxy arp
requests. (6.2 configuration, 6.1=/etc/sysconfig/*)
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Beha
Have you issued the license (way back) to IP or to hostid? If to hostid, any
hardware change needs a new (moved) license.
Bye
Volker
Rajesh wrote:
> Hi,
>
> I just upgraded the firewall from ver 3.0b to ver 4.0 on a new E220R box
> (solaris 2.6). When I start the Firewall it says
>
>
Title: FW-Error allocate_port
Hi to all.
This log record had been continuously recorded for about 40 minutes with over 100 repetitions. The Firewall went down afterwards. We had to manually reboot it.
May 9 14:34:28 dtfirewall01 [LOG_CRIT] kernel: FW-1: allocate_port: could not find a fre
Hi Laurent,
right now I'm facing the same problem with W2k and SecuRemote SP3.
Do you see any "decrypt" log entries that indicate a successful arrival of the
packets from the SecuRemote client? I guess not :-)
The strange thing is that it works on some other W2k Installations - but not on
tw
Hello everyone,
I need to configure my new http-proxy server in my DMZ.
My problem is that I can't define my proxy as internal host, only as
external.
Any new object I can define only as external.
Could anybody help me please?
I have got FW-1 VPN v.4.1 eec SP2
WIN NT 4.0 SP6
with 4 interfaces
Hi,
The RPM for sharutils is available on the Red Hat Linux 6.2 cdrom. You'll need to
add this rpm before you can install either SP2 or SP3.
You might also need to add a couple of C library files in case they haven't been
installed. Also check if the gcc package has been installed.
Hope
Hi,
Since a few weeks I encounter the following problem when trying to save the
rulebase.. After a while the GUI shows a pop-up with "No reply from server".
It then continues to save the rulebase, which is successful.. When I close
the GUI, it says "Incorrect reply from server (seq or subject mis
Hello,
we have a problem with connecting a client to a load balancing cluster.
The cluster consists of three machines with ip 192.168.1.1, 192.168.1.2
and 192.168.1.3. The client always connects to the ip 192.168.1.1 but
gets the answer packet from 192.168.1.2. If I have only the rules :
Source
From my point of view this config has no sense at all.
If you have _proper_ config - even a single Cisco router with IOS/FW
can secure you in most situations.
If not - nothing will help, even a dozen PIX/FW1's...
To say more, most of the security breaches typically come from _inside_.
Securit
hello geraldo,
so finally, what worked for you?
what i'm definitely sure about is that you must set altaddr and use
alternate address for citrix when using nat (equal hide or static) because
the masterbrowser response sends the addresses of the servers in the DATA of
the packet (where fw1 don't car
One of our customers uses bridging of SNA. It comes through as UDP on
port 1800-or-thereabouts.
cheers,
Alexander
Daniel Hitchcock <[EMAIL PROTECTED]> writes:
> Clarification:
>
> Checkpoint doesn't care at all about SNA (or any other non-IP) traffic. For
> example, a Checkpoint firewall wi
Hi all.
I have CP 4.1 SP3 with a CVP server TrendMicro Interscan.
I have an SMTP resource that deny FW1 to act as a mail relay for internet
users but it doesn't work when the CVP server is connected to the Firewall.
So when the CVP is disconnected I TELNET on the external interface of the
firew
After upgrading from 4.0 sp4 to 4.1 sp3 on windows nt4, sp6a. I am receiving
the following errors in the event viewer:
Bad file name in fw.logtrack,skipping line "987193767"
Bad normal file id in fw.logtrack, skipping line '987201045'
dtm-query_init: Failed to load DTM Query Dll c:\winnt\fw1\4.
Hi Eliot,
if you only have one Network Sensor then I would suggest to connect it to the
switch on the DMZ.
Otherwise you might get fired with alarms on your external network :-)
Also, if you have the possibility connect the management port of the sensor to a
separate "admin network" that is onl
Hi,
I have already posted this question, but I haven't found any solutions
yet.
I have successfully configured a FW1 4.1 SP3 on Solaris and a SecuRemote
SP3 client on W2000.
After configuring the certificates in the gateway and for a user (CRL
field correctly filled) with CRL enabled with HTT
Hi Ian,
> For RedHat 7.0 put all ARP statements in rc.local. This will ensure they
> are executed on a reboot. The "arp -s -i eth1 pub" is the
> syntax, but these arp entries have to be in rc.local.
are you sure? I know that after a reboot all "manual" made arp entries will be
gone and t
Hi Rajesh,
did you just "export" your rules and objects or enter them from scratch?
Check also for the name of your solaris box - is it the same as on the old one?
Regards,
Marco
Rajesh <[EMAIL PROTECTED]> on 09.05.2001 02:48:41
Please reply to Rajesh <[EMAIL PROTECTED]>
To: [EMA
Hi Matias,
AFAIK your license is bound to the number of sensors you like to control.
You should be able to install the console on another machine - but: you have to
export your console key to the sensor so it can be authenticated for access.
Regards,
Marco
[EMAIL PROTECTED] on 08.05.2001
Title: RE: [FW1] printlic output for VPN's...
Keep in mind though Dave, that doesn't include the SecuRemote license. (Which is free anyway.)
Jarrett
-Original Message-
From: Luke, Jason (ISS Southfield) [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 01, 2001 14:24
To: 'Dave Dunaway
How would all of you rate the degree of the benefit of making your public NAT
HIDE address that not of the firewall's external interface, but of another IP,
only used for that particular purpose?
Thanks in advance.
Title: RE: [FW1] securemote error
This was happening to one of our users once, removing SR and completely re-installing it seemed to solve it
Jarrett
-Original Message-
From: Cadillo, Adolfo [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 02, 2001 08:49
To: [EMAIL PROTECTED]
Su
Hey Scott--
>From: Scott Schindler <[EMAIL PROTECTED]>
>Are you sure this is not a spoofing protection issue? Are you getting
>rejects on rule 0 in your log? What are you getting in your log? How is
>the interface the web server is running on configured for spoof protection?
I
Yes, we had a number of VPNs using Manual IPSEC and they all stopped working
after we deployed SP3.
We didn't investigate further and migrated the VPNs to IKE.
- Original Message -
From: "jonny robertson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, May 08, 2001 7:47 PM
Sub
Hi,
I just upgraded the firewall from ver 3.0b to ver 4.0 on a new E220R box
(solaris 2.6). When I start the Firewall it says
May 8 16:29:46 foonix1 unix: FW-1: only 25 internal hosts allowed
May 8 16:29:46 foonix1 unix: FW-1: No valid license
May 8 16:29:46 foonix1 unix: FW-1: only 25 int
Can anyone else on this list confirm that there is a problem
with Manual IPSec in Checkpoint Firewall 4.1 with Service Pack 3?
I haven't been able to make it work, and saw an article on the web a
few days ago hinting that it may be a known bug.
Thanks,
-jonny
Hi
IP NAT Pool:
---
Do you use addresses from the same net segment like the firewall has its
interfaces on?
I have never added any arp entries for my sr clients. I am using a
private /24 net for the IP NAT thingy. Important is, that your inside
servers must know the way back to y
Title: RE: [FW1] Does FireWall-1 Pass SNA Traffic ?
Checkpoint will not pass IPX traffic and SNA is very much routable. You do need
to encapsulate as Elliot suggested, however bear in mind that your firewall will
not be able to look higher up the stack.
George
-Original Message-F
unknown established packets?
- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, May 07, 2001 7:33 AM
Subject: [FW1] rule 0 problems after upgrade from v40 sp5 to v41 sp3
>
> hi,
>
> after the upgrade from my nt 4.0 sp6a box from fw-1 v4.0 sp5 to v4.1 sp
sounds to me like an instructor like you would be an asset to the entire IT
industry. If education is not what people really want, then greed can only
take them so far.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
Jorge L. Avelar
Sent: Tuesday, May
I try to connect to another company with securemote and I have the
following problem:
I'm unable to establish a securemote connection to the FW2 when I use my
lan (pass through my fw1) but I'm able to an update site... from the
securemote client.
Desktop PC with Securemote -> fw1 -> INTE
Title: VPN
We are trying to setup VPN connection for remote user (home DSL/Cable) to corporate network.
First off, what is best practice:
We are all Win2k environment with Win2k remote users. Firewall is still on Win NT 4.0 WS SP5. Firewall-1 4.1 SP3 is currently in use. Is it best practice t
hi all
i am implementing a vpn-1 gateway. We hv. a mail server and webserver in the
LAN and users need to hv. internet access. I also hv. to configure VPN for
users dialing in from home to reach the terminal server.
Now, can i hv. a NT machine with 2 cards as a firewall and give public ip's
for
Can anybody please give me some assistance in the
installation of CP sp3 on linux (redhat 6.2)? I've downloaded sp2, and sp3
from Checkpoint's site and it's saying that I need CPfw1 and sharutils as
dependencies. I'm not an expert on Linux so I'm not sure what to do.
I tried to install Linux
Hi, all the members,
I am considering to upgrade V4.0 to latest V4.1+sp3, is there any official
document which describe all the upgrade procedure? I really appreciate any
response, by the way, present version is based on Sparc(solaris 2.6)
Richard
-Original Message-
From: Aaron Brassle
Hi,
I have Real Secure running over windows NT, and works fine.
I need to install another console, anybody knows what is the procedure to
do that. Because I have only one license.
Regards,
Matias
Thanks to all who have given me advice regarding this issue, I've now got
several suggestions and I'm sure I'll be able to make this work.
I'll be sure to let you know which solution I've implemented and how I got on.
Regards,
Paul.
-Original Message-From: Yin To Chu
[mailto
Title: RE: [FW1] Multi-tier Firewall topology
As someone that would happily sell you all this equipment, I would be happy to
recommend your configuration. As someone with a security background, I
would not recommend this in any way. Firewalls are meant to stop low to
medium skilled attacks
Title: RE: [FW1] Does FireWall-1 Pass SNA Traffic ?
Clarification:
Checkpoint doesn't care at all about SNA (or any other non-IP) traffic. For example, a Checkpoint firewall will happily route IPX traffic as long as your OS is configured to do so. Since SNA is non-routable, your firewall w
53 matches