Hi,
mostly this problem is caused by the name-resolution for the log. Try to turn it off
using Select - Options - Resolve Addresses in the Log Viewer. The log should be
displayed faster then.
Hope it helps,
best regards
Matthias
Amit Zinman wrote:
> Hi, not that many entries in the log (just
Hi, not that many entries in the log (just cleared it) and yet it takes
a number seconds to scroll down the list. We are running FW1 SP2 on NT4
SP4.
Has anyone encountered this?
Amit
To unsubscribe from th
Hi Guys
I am having a problem with ftping from behind a NT checkpoint fw1 through a
nokia fw1. I am creating a lot of connection very quickly and all the
sessions keep disconnecting, I have herd there is a patch or file mod for
this does any one have any ideas of why this is happening.
Cheers
Ma
Ashwin
Your h/w spec looks very borderline to me, depending on traffic levels etc. My very rough rule of thumb is that you need at least a PIII 500, 512Mb RAM and decent fast hard disk for Firewall plus Management Server. For Floodgate on top I would start to think about 1Gb RAM and maybe a VPN a
Bravo,
But all you've done is strengthen what I'm saying. The protection
of the firewall policy is only as good as the person you've kept in mind for it
to protect you from, and it by itself does not suffice but configured
properly it will help greatly in the effort.
And please no more
Hi all
we are using in a enviroment IPSO 3.3, cp4.1sp2 on several vpn210-440 boxes.
we are also using metaframe apps citrix, ms terminal services over these
tunnels. I do now experience that the vpn connection drops after around 20
minutes use for about 20 seconds and gets back after this time
Title:
Hi.
Just to add my comments to this, when I was setting up
a BT aDSL connection in the UK, the small print stated that H323 applications
would not be passed by their routers, effectively blocking any sort of secure
connection. I suggest checking with the aDSL provider to make sure
Title: Emergency - Master Wipeout!
Somehow my IPSO 650 box has managed to trash the Firewall-1 directory on my Management Station by turning it into a symbolic link to itself. Probably my fault but not sure how it happened. Is there any way to reconstuct the objects and rulebase on the master
Veronica,
You can accomplish this through the
Voyager interface on the NOKIA.
Juan Concepcion Network Engineer/Security Consultant CCSA/CCSE E-Mail:
[EMAIL PROTECTED]
-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
Verónica A. Fern
1)
regardless of ANY configuration you haveif you only have a single T1 for
your internet connection and someone sends 50megabits/sec of
data
to ANY address on your subnet, your entire internet connection will be DoS'd...a
firewall will NOT help you.
2) If
someone gleans some informat
You are missing a secure remote license. License could read
cpvp-vsr-xxx-3des-v41 CK-xxx. As of 4.1 the license for secure remote
it separate from the fw license. You should be able to get this through
your var. They have to make a request for a separate certificate key from
checkpoint wh
For a properly secured firewall when scanned with
Nmap with the -p0 option, Should there be no ports opened?
I got 3 ports opened and I supposed they are the
Management ports 258, 256 etc.
Thanks
Hello,
Thanks for the replies about the FW-1 4.0 to 4.1 Upgrade, has anyone
experienced any problems migrating from 4.0 to 4.1? My main concern is
whether the rule-set and policies migrate without compromising data
integrity.
Thanks,
Robert
-Original Message-
From: Chris F [mailto:
I am very well aware of that. My point, as
you've restated in your rebuttal, is that the less a hacker has at his
fingertips with which to develop an overview of your network, the harder it will
be for him to mount a successful attack. While ping is just a scratch at
the surface of pos
Please stop replying to this message. It is getting out of the subject. She
has enough information on the item. She probably needs to know how to enable
or disable it through NT or Unix.
fm
-Original Message-
From: David E. Hoobler Jr. [mailto:[EMAIL PROTECTED]]
Sent: Sunday, June 10, 20
Carl,
I must be losing you somewhere.
Please explain to me how someone would be able to flood any address on your
internal network if you are using illegal ip addresses. From my
experiences when we, sitting on the outside network, even try to hit and RFC
address a router somewhere al
I have
to agree with Steve. It would be easy enough to do an nmap scan and turn
off a ping probe. On the flip side, anytime you can trim down access to
the firewall, you are at least somewhat raising the bar (keeping in mind that
the benefits my not outweigh the consequences).
-Orig
SP4 is just out for all platforms
alan
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.h
That's
no reason to not take away the obvious tools. While removing ICMP from the
hacker tool-kit doesn't make you safe, you should try to take as many tools
away as possible.
-Original
Message-From: Steven Schuster
[mailto:[EMAIL PROTECTED]]Sent: Monday, J
Enable Ntp on a Nokia plataform 3.1, is it
dangerous?
Regards.
Verónica.
Yes the external line is 64 Kbps line and I had incorrectly defined it on
the external/WAN interface .I've now defined both the Inbound/Outbound
Actives of the external interface to be 64 Kbps and the Real Time Monitor
appears to show traffic correctly for the enterprise as a whole.However
after
Well I am having the same problem with the
release candidate (downloaded the day checkpoint
announced the release candidate).
So the problem remains ...
Mario Kadastik
[EMAIL PROTECTED]
> Goto www.checkpoint.com/beta and fill out the form.. Then you can download
> the newer versions of the be
How does one migrate or tell fw to start logging to D:\fwlog from the default
c:\ drive.
--
Get your firstname@lastname email for FREE at http://Nameplanet.com/?su
To unsubscribe from this mailing list, ple
Alee Steven,
>From the "ok" prompt, type "boot kernel/unix".
BTW, you can find answers to many questions at
http://groups.google.com/advanced_group_search
Also you may want to reference this site for Solaris administration
http://www.sun.com/bigadmin/
Cheers,
Gregor
-Original Message---
Hello All,
Just a quick question/clarification. I understand that in the CVP
architecture, the Firewall delivers SMTP traffic after it has gone through
the CVP server. But the headers are changed to reflect the packets as
coming from the firewall. Is there are a way to configure the firewall
You aren't going to like this at all..
I got the same error message last week on a 440 Nokia and it eventually turned
out to be a faulty boot manger (Ipso 3.3 on FW4.1 Sp2) When I fixed that it got
worse (Fatal Trap 12 errors on the console) and after that it started to Core
Dump when telnet
Some FTP servers now attempt to verify the source host with an ident (TCP
protocol 113 - auth). Your firewall is probably "dropping" the ident session
request since it is an incoming request to establish a TCP session not in
the rules. The FTP server times out waiting for a response and never
com
Title: Mensaje
Hi
gurus, I just performed some clean-up from outdated links and changed URLs on
updated sites. I have added new section as well. Look for a "new" icon.
Njoy.
http://www.rtek2000.com/Tech/InternetSecureLinks.html
=
Bes
Hi All
Could really do with a hand.
Has anyone out there configured RealSecure 6.0 to reconfigure Checkpoint
FW-1 v4.1 SP3 with OPSEC?
If so could you point me in the right direction?
Is it possible to have both an authenticated and encrypted connection
between them.
What do you have to copy
Hi
Try to delete the following stuff on your gui workstation:
\5.0\Program\CPMICache\
\5.0\Program\session.NDB
\5.0\Program\session.NDB0
\5.0\Program\session.NDBBKP
\5.0\Program\ICA__xx_xx.crl
then restart your gui again
regards,
mike
- Original Message -
From: <[EMAIL P
Goto www.checkpoint.com/beta and fill out the form.. Then you can download
the newer versions of the beta.. Im pretty sure this is a public beta
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Sunday, June 10, 2001 10:07 AM
To: [EMAIL PROTECTED]; [EMAIL PROTE
Someone know how can I change the time on a NOKIA
IP box??
Next Saturday our time will change and I should do
that.
Thanks.
Regards.
Hi,
Recentll upgraded my Nokia IP330 to IPSO 3.4 and FW-1 4.1 SP4. The upgrade took less
than 30 minutes. The release notes had one error. When upgrading the bootmgr the notes
specify to "set defaults", the actual command is "set-defaults". Otherwise the upgrade
was problem free. I no longer
I've seen an interesting problem. I'm running the later versions of SR
(4165 & 4176) on a 192.x.y.z host from behind a CheckPoint performing NAT
going
to a VPN gateway running 4.1 SP3.
objects.c have been modified to include the definition for udp
encapsulation, plus the appropriate settings t
BTW
There are about fifty different ping sweeps, only some of them user icmp
over udp.
George
-Original Message-
From: David E. Hoobler Jr. [mailto:[EMAIL PROTECTED]]
Sent: Sunday, June 10, 2001 7:34 AM
To: 'Tony Wong'; [EMAIL PROTECTED]
Subject: RE: [FW1] Blocking ICMP
Blocking ICM
35 matches
Mail list logo
