If you want transparent fail-over of VPN connections, the answer is yes.
With Check Point's state sync enabled, VPN connections will not be
broken during failover, and SecuRemote users will not have to
re-authenticate.
Mark L. Decker
Rainfinity - High Availability for E-Business
408-382-4870
[EM
Hi,
I have recently upgraded the firewall-1 from ver 3.0b to 4.0 on a sparc machine.
Since then I am having 2 problems.
1. I couldn't install a new policy.
2. The newtowrk becomes very slow.
I need to solve the 2nd problem ASAP. Whenever network becomes too slow I am
restarting the Firewall.
Although I need more info on the topology, you can certainly pick
a legal IP address for the Logical server, while the phtsical boxes
are on the private address space. Make sure you have your static arps
and CheckPoint will pretty much take care of the rest.
George
-Original Message-
F
Just to make the discussion more 'spicy', I really enjoy manual NAT. The
only problem is that you're more suscetible to errors in NAT when you do
that manually.
I've been into many cases in which a bunch of manual NATs were almost
impossible to understand and maintain, which became a threat itse
>As mentioned above, I need a guide for AIX in
>particular. Thanks.
Here are notes I've gathered from IBM's RedBooks. For the full document see
the referenced document.
---
NOTES for CP VPN-1/FW-1 ON IBM AIX platforms.
N
Felix,
You need to keep up-to-date on patches for IIS. Check out Microsofts
website and find all the patches available for IIS 4.0.
Scott
>From: "Felix" <[EMAIL PROTECTED]>
>To: "Fw-1-Mailinglist" <[EMAIL PROTECTED]>
>Subject: [FW1] WebSite being Hacked!!!
>Date: Wed, 30 May 2001 10:51:36 -
>I get this error message when I start the FW
>
>"no license for address translation"
>Yes i have a valid license for the product. The same
>license is working without this error message on
>another box. The only difference is one box (the one
>that doesn't display this error) as 4.1 SP2 IPSO 3
>User authentication authenticates every site visited...
>
>Is this normal?
>
>So if I go to phoneboy I get challenged, and then go to Checkpoint, I get
challenged again.
>
>This is within one browser session.
Use Client Authentication for outbound HTTP service. Client Authentication
will au
Yes. We have several users getting through from behind that particular
model. Just make sure that you have everything set up to allow for UDP
encapsulation (including the changes to the userc.c file on the client)
HTH
Steve Schuster
Midwest ISO
Security Analyst
-Original Message
>Has anyone successfully implemented blocking of .vbs files (or any other
>files for that matter) using the SMTP Security Server?
>I'm not quite sure what is the format for entering the extensions in the
>Strip MIME of Type field in SSS. How would more
>than one extension be specified ?
>
>Run
>Has any one encountered this problem? I have a VPN tunnel between 2
>countries (SG and AU). The tunnel has been working fine, until this
>morning, it becomes a one-way tunnel ie. SG-AU is ok, but AU-SG failed.
>You can see that the AU fw encrypt the packet but you will never see it
>decrypt at
Dave,
have you tried recreating your object. Sometimes that helps.
George
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 31, 2001 7:59 AM
To: Daniel Wirth
Cc: [EMAIL PROTECTED]; Juppunov, George
Subject: RE: [FW1] RE: NAT - Manual or Auto??
I'm trying to work out exactly how is changes the behaviour of the compile
process, are there any downsides and has anyone experienced better results
with this after moving to 4.1 SP2 ?
Mark
To unsubscribe f
I ain't quite sure.I suppose you can set it to use an application like blat
which is similar to sendmail but instead it runs on win32.
-Original Message-
From: Scott Murray [mailto:[EMAIL PROTECTED]]
Sent: Miércoles, 30 de Mayo de 2001 08:01 a.m.
To: [EMAIL PROTECTED]
Subject: RE: [FW1]
Use dbpasswd
command to change the password on command line.
Syntax: dbpasswd username passwd
oldpasswd
Hope
this helps you.
Regards,
Chandra.
Original Message-From: Verónica A. Fernández
[mailto:[EMAIL PROTECTED]]Sent: Wednesday, May 30, 2001 2:08
PMTo:
[
I am obviously biased but.
I assume that you mean Websense authentication ? If so, then we
have the ability to talk to an LDAP enabled directory (NDS,
IPlanet) or and NT based directory. The only real issue
that we have with customers is currently a hard-coded 10 minute tim
It works, but there seems to be a glitch with the interaction between FW-1 and
Websense.
I have IP440s, IPSO 3.3E, FW-1 4.1SP3. If the Websense (NT) box is rebooted, the
firewalls never reestablish the connection to Websense, even after the Websense
service is started. I get "Error communi
Our Nokia IP440s were set up with the export version of IPSO, ie the one without SSH
support.
I intend to install the non-export version this weekend. Does any one have any
pointers or things I should look out for in this procedure.
Or is it simply a case of installing the new IPSO over the
Um, sorry Daniel, but you can most certainly put manual NAT rules above the
automatic ones.
I use a combination of auto and manual rules. The auto rules cover Internet
connectivity, and then my manual rules go above the manual rules to handle
other cases such as traffic that is going between ho
19 matches
Mail list logo
