Re: [FW-1] Proxy arp on Linux

2002-12-11 Thread Peter Goodridge
Robert, the basic command is : /sbin/arp -i eth0 -s 192.168.2.1 00:0C:99:88:EE:32 pub You'll also want to add this to a startup script in case you reboot. I use the full path on the command, because the normal path may not be set up yet when your startup script runs. HTH, Pete Goodridge --- Ro

Re: [FW-1] Auto-Summarize in Encryption domain

2002-11-12 Thread Peter Goodridge
Hi, This sounds like it's the Cisco that is doing the auto summarizing. See if there is a no auto-summary command for the VPN setup on the Cisco. They use this command for some of their routing protocols. HTH, Pete Goodridge --- "Roelandts, Guy" <[EMAIL PROTECTED]> wrote: > Martin, > >We

Re: [FW-1] Using site to site VPN as backup for dedicated link.

2002-09-26 Thread Peter Goodridge
The only problem with that solution is that all your current tcp/ip sessions on the WAN link will be dropped by Checkpoint because they are "unknown established TCP packets". Not a big problem for web traffic, but pretty bad for telnet, ssh, long file transfers, etc. This problem goes away if yo

Re: [FW-1] Compaq Servers (on linux) or Nokia (on freebsd)

2002-09-20 Thread Peter Goodridge
I've been very happy moving my boxes from Nokia over to Linux running on Penguin Computing boxes. For the cost of Nokia support I can have a cold swap penguin sitting there ready to go. Also the patches for Linux seem to come out sooner than for Nokia. If you're used to Linux and comfortable wit

[FW-1] Client Auth

2002-06-04 Thread Peter Goodridge
Hi, I'm setting up a stand alone NG FP2 box on linux, that will be used to give users access to a webserver using Client Auth with SSL on port 443. I'm using ssl with a verisign test certificate, and it seems to work fine. There's only one strangeness. When you first go to the site using the DNS

Re: [FW-1] RH 7.0 & SP4

2002-02-27 Thread Peter Goodridge
Nick, You need to use the replacefiles rpm option with the Checkpoint upgrades. Try using : rpm -ivh --replacefiles CPfw1-41.4.SP4.i386.rpm HTH, Pete Goodridge --- Nick White <[EMAIL PROTECTED]> wrote: > Dear all, > > having the CP 4.1 installed in RH 7.0, after > installed > the firewall-1,i

Re: [FW1] securemote unattended login

2001-06-16 Thread Peter Goodridge
Idan, This strikes me as a bad idea on the face of it. Assuming it's a good idea get a copy of winbatch. This software allows you to write programs that fill out windows dialog boxes, etc. I don't believe winbatch encrypts anything so your username/password will be sitting there in plain text.

RE: [FW1] FW log working slowly

2001-06-15 Thread Peter Goodridge
Turn off DNS resolution under Select->Options->Resolve addresses. It becomes usable. Of course then you can only see ip addresses, but... HTH, Pete Goodridge --- [EMAIL PROTECTED] wrote: > > Just seconds! Wow, that's fast. The normal situation > here is 10 seconds to a > few minutes before i

Re: [FW1] Secure remote & AT&T cable modem

2001-06-09 Thread Peter Goodridge
SR works fine for me through my AT&T cable modem. It actually worked better than dialup, since I have a laptop that I carry back and forth to work. I don't have to flush my routes anymore since I'm always using the ethernet interface all the time. What exactly is not working, or whatever? TH

[FW1] OT: Trend Vendor recommendation needed

2001-06-08 Thread Peter Goodridge
Hi, I've been looking at e-mail anti-virus scanning products. Trend would be an easy choice to sell management, but the vendor we're talking to doesn't like using CVP, even though this is one of Trend's selling points. Can anyone recommend a Trend vendor in the Boston area who has done good wo

Re: [FW1] Installing on Linux

2001-06-08 Thread Peter Goodridge
Elliot, I'd be really surprised if you can get Checkpoint 4.1 to work on Redhat 7.1, since 7.1 uses the new 2.4 Linux kernel. You'll have better luck with using Redhat 7.0 which still has the 2.2 Kernel. Make sure you get 4.1 sp3. Sorry, I don't have a good doc link. HTH, Pete Goodridge --

Re: [FW1] Web server in DMZ

2001-06-06 Thread Peter Goodridge
Ivan, Did you remember the arp and the route? Shouldn't you be nating to the internal IP? You also need a rule to translate the private ip address source going outbound: src:10.1.1.100 dest: any service:http src:public ip dest: same Also make sure you test from outside the fw. HTH, Pete Go

Re: [FW1] Secure Remote Through a Linksys Router.

2001-06-02 Thread Peter Goodridge
Yes, it is. I know I'm using that exact model now. You'll need to: Use IKE for SR Enable IPSEC passthru on the Linksys You may also need to: Enable UDP encapsulation on your firewall Upgrade the firmware on the Linksys box. I'm using firmware v1.37, Jan 03 2001 HTH, Pete Goodridge --- "Wi

Re: [FW1] FW1 vs. Nokia etc.

2001-05-25 Thread Peter Goodridge
Jan, Between Nokia and NT I'd go with Nokia. I'd also recommend looking into running Checkpoint on Linux. The hardware will be cheaper, and the maintenance will be much cheaper. I have two Checkpoint VPN-1s running on Linux, and I'm getting ready to move 5 Nokias running Checkpoint to Checkpo

Re: [FW1] Xwindows

2001-05-21 Thread Peter Goodridge
Hi, Phoneboy has a FAQ on running X-windows, etc. through SecuRemote at : http://www.phoneboy.com/fw1/faq/0164.html You can also find a free version of ssh at: http://www.openssh.com/ Also, check out VNC which is a windows/unix remote control free product from AT&T. It has an advantage over r

Re: [FW1] securemote error

2001-05-11 Thread Peter Goodridge
Adolfo, No clues, just questions: What encryption are you using, FWZ or IKE? Is your Secure Remote PC behind a NAT device? THX, Pete Goodridge --- "Cadillo, Adolfo" <[EMAIL PROTECTED]> wrote: > > Hello all, I am getting the securemote error every 5 > seconds. I login and > everything works

Re: [FW1] Installation on Linux

2001-05-11 Thread Peter Goodridge
Aeon, I believe when you install SP2 you need to use the --replacefiles rpm option. HTH, Pete Goodridge --- Aeon <[EMAIL PROTECTED]> wrote: > Can anybody please give me some assistance in the > installation of CP sp3 on linux (redhat 6.2)? I've > downloaded sp2, and sp3 from Checkpoint's site a

Re: [FW1] X over Secureclient

2001-04-29 Thread Peter Goodridge
Hi, Phoneboy has a FAQ on running X-windows through SecuRemote at : http://www.phoneboy.com/fw1/faq/0164.html You can also find a free version of ssh at: http://www.openssh.com/ Also, check out VNC which is a windows/unix remote control free product from AT&T. It has an advantage over running