RE: [FW1] Performance of your firewall

2001-06-26 Thread Juppunov, George
Sar data analysis would probably be sufficient for finding the more severe problems. vmstat would give you some of that info in real time as well. You should also look at some netstat -s output for protocol statistics to make sure your interfaces are optimized. Finally, look at your firewall mem

Re: [FW1] Management Client

2001-06-26 Thread Hungdan_Ly
Have you checked to see if your workstation IP address is in the "gui-clients" located under the conf directory? If not, you might want to add it in. -Hungdan Amelis Uitenweerde <[EMAIL PROTECTED]> @lists.us.checkpoint.com on 06/26/2001 09:23:54 AM Sent by: [EMAIL PROTECTED] To: "'[EM

RE: [FW1] Log files

2001-06-26 Thread Wehmeier, Andreas
fw logexport -n -i  original logfile  -o name of textfile     ^--- no name resolution -Original Message- From: Firewall Guy [mailto:[EMAIL PROTECTED]] Sent: Montag, 25. Juni 2001 22:22 To: [EMAIL PROTECTED] Subject: [FW1] Log files how do I go about c

[FW1] FW1-sp3 working on linux with VLAN's

2001-06-26 Thread Andre Vink
At last it is working. A compaq DL360 with two gigabit interfaces One Intel pro1000 gigabit interface to the outside One Intel pro1000F gigabit interface with 4 VLAN's 802.1q to the inside redhat 7.0 with kernel 2.2.19 SMP and CP FW1 firewalling between all interfaces. It took a while but it's

[FW1] Management Client

2001-06-26 Thread Amelis Uitenweerde
I'm running FW-1 on a stand alone server, now, what I tried today was to install the Management client on my workstation and to get the Client and the FW-1 to talk. This I could not get working. I then tried to install the management client on my Test server (WIN 2000 Advanced Server) I changed t

Re: [FW1] DMZ advantages

2001-06-26 Thread Carl E. Mankinen
Setup a REMBO server out of band. Setup your bastions to be imaged/reimaged under the control of the REMBO server. If you are compromised, you have incremental partition images to choose from. The only problem is that it is complicated to setup something like this and the bastions cannot perfor

[FW1] IPSec

2001-06-26 Thread Hervé Blandin
Does Windows 2000's IPSec work with FW-1's IPSec ? Does anybody have any experience about that ? Thanks, Hervé.

RE: [FW1] Nokia Installation

2001-06-26 Thread Juan Concepcion
www.digmig.com good site for information related to NOKIA's Juan Concepcion Network Security Consultant CCSA/CCSE Certified E-Mail: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Paul Messer Sent: Monday, June 25, 2001 8:32

RE: [FW1] FW log working slowly

2001-06-26 Thread Jorn . Dahl-Stamnes
Even after turning off name resolving I still get "Slow response from server, Abort". --- Jørn Yngve Dahl-Stamnes EDB Teamco, Trondheim [EMAIL PROTECTED] > -Original Message- > From: Hartley, Earl [mailto:[EMAIL PROTECTED]] > Sent: 13. juni 2001 18:01 > To: 'Amit Zinman'; FW1-MailingLi

[FW1] Secure Remote + 2 Internal DNS

2001-06-26 Thread Yusri Amsal
Dear List, Here is my network plan : === = | SR |---> | Internet | > | FireWall | ---> | Domain A | === = |

[FW1] Nokia Setup

2001-06-26 Thread Paul Messer
Dear All, HELP ! we've just bought a Nokia box to replace an existing Unix FW1 and now that I've got all the routes / objects and groups sorted out I need to configure it all on the Nokia box. I've got an ethernet connection to the box and I can access it via my web browser. This is where my "e

[FW1] Policy displaying with proxy server

2001-06-26 Thread MS Help Desk
Hi, I have a proxy server, Netscape 3.x. The Internet access is based on LDAP authentication. Whenever a user tries to connect to an internet site it will prompt for user authentication. Here I have a requirement that all user should get an Internet access policy page before the authent

[FW1] Securemote NAT pool and UDP encapsulation

2001-06-26 Thread Marc Chauvin
It seems that if a securemote client connects to a firewall using UDP encapsulation (either because he is behind a PAT device or he checked the option 'force UDP encapsulation'), the firewall won't translate the real IP of the client into one of the assigned NAT pool. Anyone have seen that befor

[FW1] management of H323

2001-06-26 Thread Hervé Blandin
Hello, I'd like to know where can I find documentation about the way that firewall-1 manages H323 communications in detail because I have several questions : - Does it keep a state for each communication ? - Is it possible for another host to use UDP ports opened for an H323 communication ? - Ar

RE: [FW1] Time objects length restriction.

2001-06-26 Thread Juan Concepcion
This is correct. You cannot have time objects with names longer than 11 characters, new 'feature' of 4.1 SP3 and on, at least that I've experienced. Juan Concepcion Network Security Consultant CCSA/CCSE Certified E-Mail: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mai

RE: [FW1] SecuRemote: CA, Encryption and Authentication

2001-06-26 Thread Jan-Ivar Hansen
Are you sure about this? I tried this method on our firewalls with no luck. If I could get this to work it would help me a great deal in a case I'm currently working on. Jan-Ivar -Original Message- From: Luke, Jason (ISS Southfield) [mailto:[EMAIL PROTECTED]] Sent: 22. juni 2001

RE: [FW1] My experience with CPFW-1 and Legato / Solstice Backup

2001-06-26 Thread Hartmann, Josef
Hi, you are correct. I have done the same investigation as you. However my solution (2c.) is to set the OS (backup server) tcp timeout to something less than 60s. I never would setup version 2b. Personally I hope Legato will change their software moreover add security (port control, acl, remove

[FW1] Changing VPN to different external connection.

2001-06-26 Thread McDuff, Malcolm
Hello all... We've got: Firewall 1 4.1 sp2 running with the management console residing on the firewall Hopefully I can communicate this in a semi-understandable manner. We have been successfully connecting to the internet and running vpn (ike encryption) through one interface on our firewall

[FW1] Log files

2001-06-26 Thread Firewall Guy
how do I go about converting the log files check point creates to text? THANKS!

RE: [FW1] Secure Remote client

2001-06-26 Thread Yim Lee
And also, are you using IKE or FWZ? You need to use IKE in this case. Yim --- "Goetz, Jarrett" <[EMAIL PROTECTED]> wrote: > What kind of DSL router are you using Juan? > > Jarrett > > -Original Message- > From: Juan Islam [mailto:[EMAIL PROTECTED]] > Sent: Thursday, June 21, 2001 16:4

FW: [FW1] How are Nokia's Products

2001-06-26 Thread Goetz, Jarrett
Yes, Nokia's CheckPoint-based products are quite reliable. They do function as the manufacturer states. Is there something specific you are questioning about them or would like to throw out for discussion? I think the only thing to date that has bo

[FW1] NAT and MS Exchange and New Mail Notification

2001-06-26 Thread Maxi Tracy A Contr AFRL/SNOO
All, Hope someone can provide some insight... Our MS Exchange server was recently moved outside of our 'group' firewall though it is behind our 'corporate' firewall. We use NAT behind our 'group' firewall. Since the mail server has been moved, new mail notification no longer works correctly

RE: [FW1] what occurs first NAT or RULEBASE

2001-06-26 Thread Juppunov, George
Well. When you mention that you create certain objects etc. etc., and not using the objects properties, presumably you are populating the NAT rules manually. George -Original Message- From: Frank Knobbe [mailto:[EMAIL PROTECTED]] Sent: Friday, June 22, 2001 10:36 PM To: 'Juppunov, Geo

Re: [FW1] Firewall-1 on Redhat 6.2

2001-06-26 Thread Tomomi Furukubo
Hi there Thanks for a lot of helpful information. I changed OS from Redhat6.2 with SMP to nonSMP and now Kernel is 2.2.14-5.0. Eventually, FireWall-1 is working now!! Many Thanks > > And it doesn't like SMP kernel until you go to SP4. > > -Original Message- > From: Vince

[FW1] NT2000 server support?

2001-06-26 Thread drajan
Is the Firewall-1/VPN-1 module officially supported on Windows 2000 server? If it is, what are the unwanted services that can be disabled prior to installing fw-1/vpn-1 modules? thanks dev <><><><><><><><><><><><><><><> K.R.Devarajan CrossAccess Corporation 2900, Gordon Avenue, Su

AW: [FW1] authentication with Windows 2000?

2001-06-26 Thread Fitzner Daniel
Hi Carmen, if you use a W2K Domain, you use ADS. ADS has an ldap-interface and so you can after some schemachanges use the ldap account management from CP for authenticating the users. We use it successfully since three month. Another pos

[FW1] Windows update site through Checkpoint firewall 1

2001-06-26 Thread Grant Walters
Hi   I was wondering if anybody had any luck with getting the windows update site to work through checkpoint FW-1 4.1 sp2 is there any specific rule or option i need to add to allow this to work?   What happens is that it gets to the checking your system page and never goes any further.  

[FW1] Time objects length restriction.

2001-06-26 Thread Srinivasa Rao Bandaru
Hi, I have upgraded firewall to 4.1 SP4 from 4.1. The Security Policy Editor allowed to create time objects longer than 30 characters in SP4.0, but if they were used in a policy, the policy failed to install. But it is not even allowing me to have more than 11 characters for time objects

[FW1] FW-1 and OSPF

2001-06-26 Thread jgar
Hi All, our goal is to make our FW-1 (on NT4) "aware" of 1300+ intranet routes/subnets, so that each VPN user can browse any intranet web site. For this we installed RRAS (routing and remote access) to get OSPF capability on NT. Then we configured it on the *internal* interface only, to have it le