hi,
i would like to ask if any of you have encountered a user authentication with http resource?
we created a generic* user and a valid_user group, the rule is
source: valid_user@any
destination: any
service: http/https
action: user authentication
this is working until we have i
Hi,
I have a task to do which I am not too sure how to go
about it.
Currently, I have installed a CP FW-1 Ver 4.1 on an
AIX box. At first, the FW Module and Management Module
is installed in the same box. Right now, I am required
to separate the 2 modules into 2 separate boxes. I
have gotten the
Hi Azeem,
Thank you very much.
Rajesh.
>MIME-Version: 1.0
>Content-Transfer-Encoding: 7bit
>X-Priority: 3 (Normal)
>X-MSMail-Priority: Normal
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.
>Importance: Normal
>Date: Tue, 16 Apr 2002 11:13:23 +0300
>From: Azeem Usman Bharde <[EMAIL PR
I will be out of the office starting 12-04-2002 and will not return until
23-04-2002.
I will have limited access to my email during this period. For urgent
issues please contact +31 40 2502602
My colleague Hans van den Boomen will be your contact person during this
period. Please reach him at +31
Hello.
We're having problems with an FTP application over
SecureClient, and one of the things that they
suggested to fix the issue was to remove the FTP
service and define a new FTP service as type other.
This didn't fix the problem; however, it seems to have
broken outbound passive FTP. When a
Title: syslog traffic
Can anyone give me an idea of how much throughput is used by sending fw-1 logs via syslog to a central syslogd server?? I'm looking at doing this with several 4.1 installations that have an average of 300 users behind them.
Thanks,
Glenn
Title: A Little OT: VeriSign Training Courses
Consider SCP from SecurityCertified.net. It's more hands-on vs.
slides-only and 250 people in a class.
>>> For my money, I prefer the SANS classes over any others.
Brian Drake
Central Technology Services
-Original
Thanks for clearing that up, interesting point, I'll test this tomorrow and
see what happens.
Subject: Re: [FW-1] Easy way to not log broadcasts?
The issue I have is that with a default installation of NG FP1 the
'Broadcast Address - Included / Not Included' button in a 'Network
Properties' ma
They never purchased anything. It's called SCMD in Netware 5/6. It allows for
ipx tunnelling in ip. There are different ways of running it.
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED]]On Behalf Of Jim
Parker
Sent: April 16, 2002 3:38 PM
To: [
Yes, Novell makes something that should work. I think it's called "IP/IPX Gateway". I
set it up a while back using Intranetware 4.11 server -- which is IPX native -- so I
could connect this server to an IP-based network. But I wasn't using a CP FW or VPN.
Keep in mind that while possible, this
The issue I have is that with a default installation of NG FP1 the
'Broadcast Address - Included / Not Included' button in a 'Network
Properties' makes no difference. Not only that but the broadcasts are
actually 'accepted' on the interface. The only way I could achieve the
correct action was to c
Interesting. I think Novell produced a product to encapsulate ipx in an ip
packet, I assume you could then route that over the vpn. Would be interested
in what you find out.
-Original Message-
Subject: [FW-1] VPN
This is probably a stupid question, but I'll ask it anyway.
If I use Se
Ok guys, I need some input from you,
Can someone test/explain this next problem to me? I've been trying to figure
this out for a week.
I've tested it on SP2, SP3, SP4, SP5 and NG FP1.
In test, simple rulebase:
users@any - web_server - http - client_auth_fully_automatic
any- any-
I don't really understand the issue?
If you don't want to see something dropped in the last rule then create a
silent drop/accept rule?
How would you have it done?
-Original Message-
Subject: Re: [FW-1] Easy way to not log broadcasts?
An even shorter answer is 'no'
I have a support call
Title: A Little OT: VeriSign Training Courses
It is a pity that you all had what seems
to be a bad experience at Verisign. I personally review all of the student
comment sheets here at Mission Critical Systems and have yet to get less than
excellent comments from our students. I can unde
Not yet supported
ftp://download.stonesoft.com/web/Marketing/SBOS-REQL1.pdf
|+-->
|| Rodrigo Borges <[EMAIL PROTECTED]> |
|| Sent by: Mailing list for discussion|
|| of Firewall-1
Sorry - supported only with Cluster-XL and SB hotfix 3
__
Not yet supported
ftp://download.stonesoft.com/web/Marketing/SBOS-REQL1.pdf
|+-->
|| Rodrigo Borges <[EMAIL PROTECTED]> |
|| Sent b
An even shorter answer is 'no'
I have a support call with CP on this very subject.
Last I heard it had been escalated way up high...
Paul
PS: Work around was to put the rule in
|+-->
|| Kim Longenbaugh |
|
Title: A Little OT: VeriSign Training Courses
I attended a FW1 class about a year ago and it was a bad
experience. The instructor was
very good but the books were lousy.
The instructor said the books were not correct in a lot of cases and we
were making changes as we went through the cla
disable TCPIP? :)
>>> [EMAIL PROTECTED] 04/16/02 10:28AM >>>
Hi,
my logs are full of blocked broadcasts. Is there an easy way
to make sure broadcasts are not logged (except for writing a rule
that just drops them without logging) ?
Nico
Hi,
my logs are full of blocked broadcasts. Is there an easy way
to make sure broadcasts are not logged (except for writing a rule
that just drops them without logging) ?
Nico
-
"It has been said that there are only two businesses that
This is probably a stupid question, but I'll ask it anyway.
If I use SecureRemote or SecureClient on a PC and create a VPN back to an NG firewall
can I only send IP traffic over the VPN? In other words, is there any way to send IPX
over that VPN link also? Is there any way to encapsulate that
Redirect the cron output to /dev/null:
x x x x x /path/scriptname >/dev/null 2>&1
-Original Message-
From: Scott Murray [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 16, 2002 9:42 AM
To: [EMAIL PROTECTED]
Subject: [FW-1] cron job sending mail
I am running a Firewall module on a Nokia
Simon,
Will try this as soon as I have some spare time again.
Thank you for the reply anyway.
Met vriendelijke groeten - Bien à vous - Kind regards
Guy ROELANDTS
EMEA GS Internet Expertise Centre - CCSA & CCSE
Compaq Software Engineer - Belgium
E-mail : [EMAIL PROTECTED]
Tel: +32(02)729.7
Richard,
Thank you for the input, this configuration was working just fine
in 4.1, having used the same trick as you, masters file containing
both entries NAT'ted and unNAT'ted addresses, but NG does not use
this anymore, it seems to get the node infos from the objects_5_0.C
file, and it n
I am running a Firewall module on a Nokia IP650. I have a simple script
which does some file backups. For some reason every time the script is
finished running, the system sends an e-mail From: admin@[hostname] To: root.
How can I stop this from happening?
Scott
___
Yes, I have attended two and in both instances the labs did not work
the way they were supposed to, or the hardware was broke or
misconfigured. For the amount of money spent on the courses, these
problems should not happen. When things did work, I learned new things
but not as much as I wanted
Hello all,
Has anybody tried this configuration?
I've been told that Fullcluster 3.0 works fine in 64bits mode but still, it
isn't officially supported. And maybe when Stonesoft releases a new HF (5?)
that supports CP FP2 it would also support 64bits.
Any opinion about that?
Regards,
Rodrigo B
Title: A Little OT: VeriSign Training Courses
Carlos,
I appreciate you taking the time to answer my question,
thanks!
Don Guyer Information Systems Citadel Federal
Credit Union [EMAIL PROTECTED]
Ph: 800.666.0191 x7072 Fax: 610.380.6083 www.citadelfcu.org
-Original Message-
Title: A Little OT: VeriSign Training Courses
I've gone to both FW-1 and Applied hacking. Both were very good, but expensive. For my
money, I prefer the SANS classes over any others.
Brian Drake
Central Technology
Services
-Original Message-
From: Don Guyer
[mailto:[EMAIL
I could see something strange happening on the firewall.. Sometimes Firewall
is initiating connections to other mail servers on ports other than SMTP
port and the XlateSPort for them is mail/smtp. These connections are dropped
according to my rules..After 5 attempts on the same port to the oth
Guy,
Try the following ...
Check that the management has external host entries for each remote module
Check that the remote modules have the external address of the management in
their hosts file
Put two NAT rules on the remote module ...
MGMT-NAT > Remote-Module - MGMT-REAL > Original
don't know if this will help, as not using NG yet... but i use both the
internal and external names of the management server in the masters file,
having defined internal and external names/ips on the firewall hosts files.
-Original Message-
From: Mailing list for discussion of Firewall-1
[
Hi,
I did everything but it still doesn't work. The log entry "unknown established tcp
packet" comes only when the mail servers send data. handshake, helo etc. works fine,
really!
Who can give a hint?
Regards,
Christian
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL
there will not be any problem.
regards
azeem
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED]]On Behalf Of Rajesh
Sent: Tuesday, April 16, 2002 10:52 AM
To: [EMAIL PROTECTED]
Subject: [FW-1] upgrade from 4.1 to NG and solaris 2.6 to 8
Hello ev
Sorry me again, I want to ask if we change the IP address which the license
tied to, then we got to change the object(gateway) in the policy rule right?
But we need to fwstop before we change the IP address on the firewall NIC
card. After changing the IP and we fwstart it, by default it will load
Sid Van den Heede wrote:
> I'm trying to setup a firewall on a network where I have one public IP
> address
> assigned. I want to have incoming http requests forwarded to an internal
> machine (private IP address).
>
> I have a rule that resembles this:
>
> Any -> firewall-public-address (http) Ac
Hi..Geoffrey and dear all,
When you say changing IP by myself on web, are you referring to go to the
usercenter--> License / Move IP and change the IP address there. After that
it will generate the license and we have to go download license file section
to download it? Is that the correct proce
Hello everyone,
I've upgraded the management console from solaris 2.6 to solaris 8 and
Checkpoint Firewall from 4.1 to NG. It is running on a sparc 5 machine.
Since sparc 5 doesn't support 64 bit I've booted the system in 32 bit.
Now I want to upgrade firewall module (both operating system from
Hi,
I am trying to connect a Cisco Vpn concentrator behind
a Pix Firewall, via Cisco SW Vpn client behind
Firewall-1. Vpn clients are hide nated on the Fw-1.
Cisco SW Vpn clients support Ipsec Udp encapsulation.
Rule base and configuration is okay on the Firewall-1
and Cisco Site. However, no suce