Sar data analysis would probably be sufficient for finding the more severe
problems.
vmstat would give you some of that info in real time as well. You should
also look at
some netstat -s output for protocol statistics to make sure your interfaces
are optimized.
Finally, look at your firewall mem
Have you checked to see if your workstation IP address is in the
"gui-clients" located under the conf directory? If not, you
might want to add it in.
-Hungdan
Amelis Uitenweerde <[EMAIL PROTECTED]>
@lists.us.checkpoint.com on 06/26/2001 09:23:54 AM
Sent by: [EMAIL PROTECTED]
To: "'[EM
fw logexport -n
-i original logfile -o name of textfile
^--- no name resolution
-Original Message-From: Firewall Guy
[mailto:[EMAIL PROTECTED]]Sent: Montag, 25. Juni 2001
22:22To:
[EMAIL PROTECTED]Subject: [FW1] Log
files
how do I go about c
At last is is working.
A compaq DL360 with two gigabit interfaces
One Intel pro1000 gigabit interface to the outside
On Inter pro1000F gigabit interface with 4 VLAN's 802.1q to the inside
redhat 7.0 with kernel 2.2.19 SMP
and CP FW1 firewalling between all interfaces.
It took a while but it's
I'm running FW-1 on a stand alone server, now, what I tried today was to
install the Management client on my workstation and to get the Client and
the FW-1 to talk. This I could not get working. I then tried to install the
management client on my Test server (WIN 2000 Advanced Server) I changed t
Setup a REMBO server out of band.
Setup your bastions to be imaged/reimaged under the control of the REMBO server.
If you are compromised, you have incremental partition images to choose from.
The only problem is that it is complicated to setup something like this and the
bastions
cannot perfor
Does Windows 2000's IPSec work with FW-1's IPSec ? Does anybody have any
experience about that ?
Thanks,
Hervé.
To unsubscribe from this mailing list, please see the instructions at
http://w
www.digmig.com good site for
information related to NOKIA's
Juan ConcepcionNetwork Security ConsultantCCSA/CCSE
CertifiedE-Mail: [EMAIL PROTECTED]
-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
Paul MesserSent: Monday, June 25, 2001 8:32
Even after turning off name resolving I still get "Slow response from
server, Abort".
---
Jørn Yngve Dahl-Stamnes
EDB Teamco, Trondheim
[EMAIL PROTECTED]
> -Original Message-
> From: Hartley, Earl [mailto:[EMAIL PROTECTED]]
> Sent: 13. juni 2001 18:01
> To: 'Amit Zinman'; FW1-MailingLi
Dear List,
Here is my network plan :
=== =
| SR |---> | Internet | > | FireWall | ---> | Domain A |
=== =
|
Dear All,
HELP !
we've just bought a Nokia box to replace an existing Unix FW1 and
now that I've got all the routes / objects and groups sorted out I need
to configure it all on the Nokia box.
I've got an ethernet connection to the box and I can access it via
my web browser.
This is where my "e
Hi,
I have a proxy server , Netscape 3.x . The Internet access is
based on LDAP authentication. Whenever a user try to connect an
internet
site it will prompt for user aunthentication.
Here I have a requirement that all user should get an Internet
access policy page before the authent
It seems that if a securemote client connects to a firewall using UDP
encapsulation (either because he is behind a PAT device or he checked the
option 'force UDP encapsulation'), the firewall won't translate the real
IP of the client into one of the assigned NAT pool. Anyone have seen that
befor
Hello,
I'd like to know where can I find documentation about the way that
firewall-1 manages H323 comunications in detail because I have several
questions :
- Does it keep a state for each communication ?
- Is it possible for another host to use UDP ports opened for an H323
communication ?
- Ar
This is correct. You cannot have time objects with names longer than 11
character, new 'feature' of 4.1 SP3 and on, at least that I've experienced.
Juan Concepcion
Network Security Consultant
CCSA/CCSE Certified
E-Mail: [EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED]
[mai
Are you sure about this? I tried this method on our firewalls with no
luck If I could get this to work it would help me a great deal in a
case I'm currently working on.
Jan-Ivar
-Original Message-
From: Luke, Jason (ISS Southfield) [mailto:[EMAIL PROTECTED]]
Sent: 22. juni 2001
Hi,
you are correct. I have done the same investigation as you. However my
solution (2c.) is to set the OS (backup server) tcp timeout to something
less than 60s. I never would setup version 2b.
Personally I hope Legato will change their software moreover add security
(port control, acl, remove
Hello all...
We've got: Firewall 1 4.1 sp2 running with the management console residing
on the firewall
Hopefully I can communicate this in a semi-understandable manner. We have
been successfully connecting to the internet and running vpn (ike
encryption) through one interface on our firewall
how do I go about converting the log files check point creates to text?
THANKS!
And aslo, are you using IKE or FWZ? You need to use
IKE in this case.
Yim
--- "Goetz, Jarrett" <[EMAIL PROTECTED]> wrote:
> What kind of DSL router are you using Juan?
>
> Jarrett
>
> -Original Message-
> From: Juan Islam [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, June 21, 2001 16:4
Title: FW: [FW1] How are Nokia's Products
Yes, Nokia's CheckPoint-based products are quite reliable.
They do function as the manufacturer states. Is there something specific you are questioning about them or would like to throw out for discussion?
I think the only thing to date that has bo
All,
Hope someone can provide some insight...
Our MS Exchange server was recently moved outside of our 'group' firewall though it is
behind our 'corporate' firewall. We use NAT behind our 'group' firewall. Since the
mail server has been moved, new mail notification no longer works correctly
Well. When you mention that you create certain objects etc. etc.,
and not using the objects properties, presumable you are
populating the NAT rules manually.
George
-Original Message-
From: Frank Knobbe [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 22, 2001 10:36 PM
To: 'Juppunov, Geo
Hi$B!!(Bthere
Thanks for a lot of helpful information.
I changed OS from Redhat6.2 with SMP to nonSMP and
now Kernel is 2.2.14-5.0.
Eventually, FireWall-1 is working now!!
Many Thanks
>
> And it doesn't like SMP kernel until you go to SP4.
>
> -Original Message-
> From: Vince
Does the Firewall-1/VPN-1 module is officially supported on Windows 2000
server? If it is, What are the unwanted serives that can be diasabled
prior to
installing fw-1/vpn-1 modules.
thanks
dev
<><><><><><><><><><><><><><><>
K.R.Devarajan
CrossAccess Corporation
2900, Gordon Avenue, Su
Title: AW: [FW1] authentication with Windows 2000?
Hi Carmen,
if you use a W2K Domain, you use ADS. ADS has an ldap-interface and so you can after some schemachanges use the ldap account management from CP for authenticating the users. We use it successfully since three month.
Another pos
Hi
I was wondering if
anybody had any luck with getting the windows update site to work through
checkpoint FW-1 4.1 sp2
is there any
specific rule or option i need to add to allow this to work?
What happens is that
it gets to the checking your system page and never goes any
further.
Hi,
I have upgraded firewall to 4.1 SP4 from 4.1. The Security Policy
Editor allowed to create time objects longer than 30 characters in SP4.0,
but if they were used in a policy, the policy failed to install.. But it is
not even allowing me to have more than 11 character for time objects
Hi All,
our goal is to make our FW-1 (on NT4) "aware" of 1300+ intranet routes/subnets, so that each VPN user can browse any intranet web site.
For this we installed RRAS (routing and remote access) to get OSPF capability on NT. Then we configured it on the *internal* interface only, to have it le
29 matches
Mail list logo