My license is a Enterprise license. But does that automatic let me have
more than one enforcement point?
/Ole
Roland Pintal
[EMAIL PROTECTED] To:
[EMAIL PROTECTED]
Sent by: Mailing list for discussioncc:
Hi,
Okay,
I did some some investigating :
1. modinfo -p fwmod.2.4.x.o showed that you feed the kernel version during loading of
the module
2. grep fwmod on /etc/rc.d/init.d/ showed me which script its loading - /etc/fw.boot/
3. looking at the various scripts, I can see that it greps out the
That's what I would do... nmap to the rescue! ;-)
J.
From: David Ho [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Discovery of FW-1
Date: Mon, 25 Mar 2002 16:37:19 -0800
Hello everyone,
Is there a way to discover
YES!!
-Original Message-
From: Ullampuzha Mana, Divakaran (GEAE, GTS India)
[mailto:[EMAIL PROTECTED]]
Sent: Friday, March 22, 2002 11:10 AM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Do we have to get new license when FW IP change?
Hi,
Can we go to the usercenter and modify the IP
Which kind of erros Do you receive when you compile rules??
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 25, 2002 6:53 PM
To: [EMAIL PROTECTED]
Subject: [FW-1] dns redirect
I've got a weird situation here, and I hope someone out there can
Title: RE: [FW-1] VPN how much bandwith does it really cost?
I suppose once the tunnel is established, not a great deal of bandwidth.
The biggest impact might be on the CPU of the VPN server/client as the en/decryption takes place.
-Original Message-
From: Michal Kolarik
This will only work if the firewall is configured to accept these
connections. DROP or REJECT could give false results.
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED]]On Behalf Of James
Schnack
Sent: Tuesday, March 26, 2002 2:15 PM
To: [EMAIL
We are getting ready to move from Checkpoint's internal
user DB to LDAP. I keep seeing examples with user auth, but we use client auth.
Since I can't find anything that says explicitly whether or not you can use
client auth with LDAP, I thought that I would pose that question to out here.
Overhead varies with packet size. Small packets can see overhead as high as
100%, where large packets can see negligible overhead such as 2%.
Here is some interesting reading on the topic
http://www.tisc2001.com/newsletters/39.html
Aaron
-Original Message-
From: Michal Kolarik
Hi,
Here is a follow up.
My guess is that somewhere in the configuration there is still some references to the
old kernel version. Did you reinstall the firewall software after that you have
changed the kernel version to 2.4.9-13?
Do the md5sum match yours, so we know we are using the same
Hallo,
i have two firewall-1 connected via dedicated line and i want to monitor all
traffic that pass between.
Can someone help me?
Thank you!!!
Moreno Piotti
Technical security dept.
Wirenet srl
Strada Padana Superiore 317
20090 VIMODRONE (MI)
Phone: ++39.0225014251
Fax: ++39.0227409125
Brian,
you
can - but first of all !! Have you license for CP FW-1 LDAP
;-)
regards
rb
-Ursprüngliche Nachricht-Von: Drake, Brian
[mailto:[EMAIL PROTECTED]]Gesendet: Dienstag, 26.
März 2002 14:46An:
[EMAIL PROTECTED]Betreff: [FW-1] Moving
to LDAP
We are getting
Title: RE: [FW-1] Time Out for SecuRemote
Hi
Everyone
Can
anyone point me in the direction of a good school in the New York City
area?? There are some listed, but anyone have any first hand experience
with them??
Thanks
Russell
My point is, maybe you are trying to use a license for a firewall with a
feature that your firewall does not have installed. You might want to
regenerate your license key..
Good luck!
-Original Message-
From: Ole Jakobsen [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 26, 2002 3:44
Hello..
Firewall-1 4.1SP5a (same problem with SP4), IPSO 3.4.1 SNMP.
I have a problem with a connection through this firewall, and the
behaviour I am seeing doesn't quite match Lance's description of how
connections are built in Firewall-1.
The initial SYN packet causes an entry in the state
Moreno,
If you are using Unix Based Machine, try to do the following:
tcpdump -i interace_name filter_comm_fw
Where interface_name is the name of the interface which is connected to
the second firewall (from where you are running tcpdump)
And filter_comm_fw is the file where the result of
Firewall-1 4.1SP5a (same problem with SP4), IPSO 3.4.1 SNMP.
I have a problem with a connection through this firewall, and the
behaviour I am seeing doesn't quite match Lance's description of how
connections are built in Firewall-1.
The initial SYN packet causes an entry in the state table
Hi Rajesh
On FW V4.1 there is a command called fwm -g *.W which does rebuild the
rulebase.fws file which is containing all the rules for display in the
WinGUI. May be this command is still existing on NG.
Regards
Stefan
|-+--
| |
Hi all,
we run a special ActiveX based application on port 80. Multiple Internet
clients connect to a server that is streaming data using a completely
inhouse developed protocol that does not resemble http in any way.
We notice that many clients connections are being dropped. We can see this
We configured VRRP (no HA) on 2 Nokia IP530 (each with 500MB of
RAM) with CP NG FP1 installed. The first one came up fine after
configuring VRRP. I was able to push policy from the mangement
console to the first box. However, when I pushed the same
policy to the second box, I got the
good schools? can you be more specific of what you
want to study? there are many good schools, like NYU, Columbia, City College,
etc..
Can someone please explain to me what I missed.
I have added a new interface to Nokia IP330 running IPSO 3.3 with CP 4.1.
The interface was configured in Voyager and show in the OS with ifconfig -a.
I have done the fw putkey from the management station for the new IP added.
BUT in the gui I can
Hi
there
My
apologies. Allow me to rephrase my question:
Are
there any good schools in the greater New York area that have training courses
on the Checkpoint software??
Thanks
Russell
-Original Message-From: Joe
[mailto:[EMAIL PROTECTED]]Sent: Tuesday, March 26, 2002
12:17
Russell,
Check www.verisign.com -- they are
the official 'authorized' trining/Reps for Checkpoint in the
U.S.
Here is a link to Training Providers on Checkpoint's Site -- http://cgi.us.checkpoint.com/locator/AdvancedSearch.asp
FYI -- I've been looking into this, and I don't know if this is
I'm in the process of implementing checkpoints HA solution. I have set
things up in a test network, and everything went well. My question is I
would like to use the existing management station because of the large
rulebase I have, but the existing management sever does not have HA loaded.
We are having the same issues as a lot of people, but still have no
solution.
IP330 4.1sp2 SR 4199
SecuRemote connects just fine, and can see the internal 172 NAT network,
including MS browsing.
Browsing is slow, Exchange access is slow. Dial-up is almost too slow to
use, cable and dsl are
ISS also offers training in the US. I'm sure there are more. Than that as well.
Brian Drake
Central Technology
Services
-Original Message-
From: Brad Merluzzi
[mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 26, 2002 1:11 PM
To:
[EMAIL PROTECTED]
Subject: Re: [FW-1] Good
i have nokia
IP440/fw 3.4.1 fcs10 acting as fw-1 (4.1 sp5)module and mgmt m/c.
recently we changed
the ip address of the internal ip address, but the log viewer still shows the
old ip address in the origin field.
any
ideas??
Phoram Mehta
Trabon Solutions
Network Engineer
Email:[EMAIL
Title: Message
The IP
address listed in the Log Viewer is based on the entry in the hosts file on the
firewall. Update your hosts file and you should see entries with the new
address.
Daniel
R. Mengel, MCSE, CCSE
Lead
Technologist - Data Security
Info
Systems, Inc. - www.infosysinc.com
Restarting
the FW services in NT/2000 fixes that problem. Maybe similar with Nokia
-Original
Message-
From: Mehta, Phoram
[mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 26, 2002 3:35
PM
To:
[EMAIL PROTECTED]
Subject: [FW-1] log viewer origin
field pointing to old ip address!
I have a license for both firewalls, but when I go into the rulebase of the
exsisting management station, and edit the firewall object, it does not give
me the option to add it to a member of the gateway cluster
any ideas ??/
Thanks again.
From: Joel Turoff [EMAIL PROTECTED]
To: [EMAIL
Maybe the firewall was not installed as a distributed architecture. If it
was installed as a single gateway product the features for remote management
will not be enabled. I'm not too sure how to verify the actual package
installed. Anybody know?
-Original Message-
From: Ole Jakobsen
Sounds like your FW object is defined with the internal IP, since I believe
that's what shows as Origin in the Log Viewer (I could be wrong,
though...).
I would check the Host Address Assignment page through Voyager. Maybe you
left the old IP address there.
When everything else fails... try:
Title: Terminal server and netmeeting
This is what I always do when I
troubleshoot.
Since you're on a windoze box, you've got
to go to the msdos prompt and
prepare this command
c:\netstat -na|find
"replace.this.with.the.target.ip.address"
Before hitting Enter key, fire-up your
netmeeting
Title: RedHat 7.2 + NG
When I try to execute the CheckPoint NG under RedHat Linux 7.2 install by running ./UnixInstallScript, I get the following error:
./UnixInstallScript: line 54: 27783 Segmentation fault $ROOT_PLACE/wrappers/unix/Install_Linux -p $ROOT_PLACE/linux -w
Hello everybody,
I installed three NG firewall modules (FP1) on Windows 2000, in a
distributed way, with the management module also on windows 2000, also, I
configured the automatic static NAT in the objects NAT dialog box and the
automatic ARP configuration in global properties dialog box.
The
yes! the fw object is defined on internal ip. fwstop and fwstart also did
not solve it
Phoram Mehta
Trabon Solutions
Network Engineer
Email:[EMAIL PROTECTED] mailto:Email:[EMAIL PROTECTED]
Tel: (816) 276 2500 ext: 519
-Original Message-
From: James Schnack [mailto:[EMAIL PROTECTED]]
Title: Message
I am
sorry, entries in voyager and hosts file point to new address. maybe i shld try
fwstop-fwstart.
Phoram Mehta
Trabon Solutions
Network Engineer
Email:[EMAIL PROTECTED]
Tel: (816) 276 2500 ext: 519
-Original Message-From: Dan Mengel
[mailto:[EMAIL
I've configured that recently (in NG). You had to create a Gateway Cluster
object *first*, and only then you would see the option available in the FW
objects to add them to the cluster.
Also, before being able to create any Gateway Cluster objects you had to
*enable* them: that was done by
Hi,
I'm trying to build a tunnel between our A and B office. Both offices
are running NG FP1 Build 51129.
Tunnel is established and A can ping B. Log entries are normal.
However, when B tries to ping A, it fails and the following entry is
logged:
icmp-type 8 icmp-code 0 encryption failure:
Hi,
I have very simple checkpoint installation with a mail gateway on DMZ.
most of my SMTP mail keeps dropping with the Unknown Established TCP
packet - both inbound and outbound. to rectify this I have done the
following on the fw (ver 4.1 SP6 running on NT 4.0)
In objects.c I have increased
41 matches
Mail list logo