Hi..
I need to remotely upgrade my other branch's Checkpoint firewall (solaris)
from CP4.0 to CP2000 and at the same time, its external IP of the firewall
(which CP was installed on) needed to be changed. I need to ask a few
questions about the upgrading procedure as it involves change of IP as
Hi!
I'm installing NG Feature Pack 2 Beta, Management
Client on Solaris. I have no problems to do the installation but when I try to
run the PolicyEditor I got the message: "ld.so.1: /opt/CPclnt-50/bin/FWui:
fatal: libgen.so.1: open failed: No such file or directory"
Do you know why do I
You have to define CPHOME , FWHOME and WUHOME.
and
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/PATH/CPclnt-50/lib/
cheers
Sadir
Beatriz Tapia López wrote:
Hi!
I'm installing NG Feature Pack 2 Beta, Management Client on Solaris. I
have no problems to do the installation but when I try to run
Hi to eveyone
We'are trying to configure a Remote Access VPN between Check Point VPN-1 and
an Windows2K IPSec client, but... no way !!
We've spent several days with this configuration, and we need more eyes to
see what we have in front of us... I hope you can help.
We've been trying it
Hi @ all!
i've a problem with checkpoint 4.1 SP5, Solaris 8, 32 bit modus.
if we surf the web and the URL have an @ in it, checkpoint will generate a
FW-1 error.
Do anybody now how to troubleshoot this problem?
Thx
=
To set vacation, Out Of
Hi,
I got a Nokia IP330 running VPN-1 4.1 SP5 that establishes a tunnel to
a=20
Cisco 1720 using DES and SHA-1.
Behind the Firewall are a DMZ (1 Subnet) and LAN (several subnets)
behind=20
the Cisco is only one /24 net.
I defined an encryption Domain on the Firewall that includes the DMZ and 2
=
Hi, Everybody,
I want use VRRP on Nokia for FW HA, does anyone know can I install management server
and fw module on same machine.
Thanks
Tao Lu
--
ǧ½ðÄÑÂòÐÄÍ·ºÃ ÌØÊâÓÊÏäÓû§Ãû¿ìÇÀ¹º
http://mail.21cn.com/business.html
ÊÕ·ÑÓÊÏäÖÜÄêÇì
At 11:12 05.04.2002 +0200, Landolt Michi wrote:
Hi @ all!
i've a problem with checkpoint 4.1 SP5, Solaris 8, 32 bit modus.
if we surf the web and the URL have an @ in it, checkpoint will generate a
FW-1 error.
Do anybody now how to troubleshoot this problem?
this is a known problem, contact
We recently upgraded from FCS5 to FCS11 of IPSO
3.4.1 on our Nokia 650s - has anyone seen any issues with this? The
problem is, we experienced our FIRST ever core dump. Any info would be
greatly appreciated.
Thanks!
Brian
Title: IP330 or 220!?
Hi,
I'm after some advice follwing a conversation with our VAR today. We have a number of Checkpoint packaged RL50s - which i have always been led to believe are rebadged IP330s (they look indentical, having worked with 'real' 330s too). Today our VAR said that we
Dear all,
I am now using the CheckPoint Firewall SoftwareVPN-1
FireWall-1 Version 4.1 and I have to enable RPC (Remote Procedure Call)
services among two machine through the firewall, because I use NIS services. I
have found the right pre-configured service infirewall software, but it
I called Checkpoint support on this and they were telling me that they have
no records of this problem and wanted to charge me $450 to create a custom
hotfix for me. Pls note that we have software subscription contract and
still they insists hotfixes are not covered under the ss contract.
If
This is for 4.1:
HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\FW1\4.1
FWLOGDIR is the String Value name
Your new path is the String Value data
EX:
FWLOGDIRE:\FW1LOGS\
-Original Message-
From: Butler, William [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 04, 2002
This issue is covered under:
CR00036373 - Can not access a URL that contains the '@' sign
We got the HotFix as part of our Support Contract with our Vendor, but I
would think that if you have a SS contract, and this is a bug that does not
need further investigation they should issue the fix to
I have the following CRON Job set up to run on FW-1 daily:
59 11 * * * /opt/pkg/FW/bin/fw logswitch old.log (This works fine in
switching out the log file)
05 0 * * * mv /opt/pkg/FW/log/old.log /var/test/logs/`date
+%m%d%y-%H%M`.log (This line generates an error file---see below)
When the
It is my first time trying to get a solution id (skl3948) from the Secure
Knowledge Checkpoint DB, but I'm asked to enter another login/password and I
cannot enter.
Could someone tell me why and could someone send me this file?
Kenny I saw you asked before for this technical document... do you
I have a problem on Checkpoint NG.
In some cases when the NG recevies e-mail from the external interface
and the mail contains an attachment the NG accepts the mail puts it in
the spool's D_resend directory, and nothing else happens.
Normally it has to send the mail to another server on the
Ah. Yes, I did not mention in my earlier reply that I use cron to run a
script to do the switch, among other tasks, and not the fw logswitch command
itself. I did not notice the distinction until I read another reply to your
question.
Chuck Sterling
System / Network Administrator
NASA White
scripting is best,
but you should also remember that cron has minimal environment settings,
so it is very possible that the system does not know where to find the date
command.
why don't you fully qualify the date command and see if your setup is
working?
Pete
-Original Message-
From:
Two things.
First, are the double quotes in the date command format string necessary? I
use the following:
DATETIME=`date +%d%b%Y_%T`
$BINDIR/fw logswitch ${DATETIME}
This yields log files with the following name convention:
22Mar2002_23:55:00.log
Second, why do it in two steps? I feed the date
I ran into this issue as well, gave up on Checkpoint and backed back down
to SP2, since SP6 was not out yet.
|+--
|| Matthias Leu [EMAIL PROTECTED] |
|| Sent by: Mailing list for discussion|
||
Thanks for all of the help. I took numerous individuals suggestions and
created a script and had cron call that script.
It worked like a charm.
Thanks again.
-Original Message-
From: Hal Dorsman [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 05, 2002 10:14 AM
To: [EMAIL PROTECTED]
Chuck,
I was not aware that I could use the date command in the logswitch.
That makes a lot more sense to do it in one step. Thanks for the
pointer.
Joe Gallo
-Original Message-
From: Sterling, Chuck [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 05, 2002 10:52 AM
To: [EMAIL
This is a follow-up to my original posting. I solved the problem,
although the solution is, in my opinion, not an ideal one, since it
alters a default behavior of FW-1. A number of people have replied to me
off-line asking if the issue was solved. It's best to post a summary
here.
First, a bit
Hi
I have this single line in my cron file and it works fine for me:
(FWDIR=/usr/lpp/CPfw1-41; export FWDIR; /usr/lpp/CPfw1-41/bin/fw
logswitch)
If you do not give any parameter to logswitch it creates a file named
according to the following mask: DDMMM-HH:MM:SS
where MMM is the
Recently I upgraded my Checkpoint manager and GUI to 4.1 SP5 and now
whenever I try to use Get address when defining an object, I get an
error Error: Cannot Resolve Name!. The happens on all of our GUIs, both NT
and Motif GUIs, and is not a DNS issue, as DNS works from all the client
machines we
You should not install the Management server and the firewall module on
the same machine in an HA configuration.
Always use a distributed configuration with HA whether Nokia, or
otherwise. If your management server/firewall module fails, and it is
the primary in the VRRP cluster, then you would
If you ping the object name on the manager, does it resolve? Any new objects
behave like this?
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED]]On Behalf Of Jason
Borkowsky
Sent: 05 April 2002 18:48
To: [EMAIL PROTECTED]
Subject: [FW-1]
is the FW running on unix?
it looks up in /etc/hosts
Try from a shell prompt just typing hostname and see what it spits
out... that is what it should resolve when you do Get Address
Scott J. Friedman, MCSE CCSE CCNA
Security Cisco Routing Engineer
LDMI / Ideal Technology Solutions, U.S.
Email
Greetings,
I have successfully created two vpn tunnels from remote PIX sites to a FW1 V.4.1
platform here in my building. (tunnel three is in process). I have found commands to
clear the SA tables on the Nokia / Checkpoint appliance, but can find no good
documentation of tools to monitor the
Hi master of firewall-1 :)
Hi, I lost of connection to firewall (RCO and Policy editor) when I install
the policy (in random form).
Firewall-1 4.1 SP-4 and WinNT 4.0
I need help please
Thanks.
=
To set vacation, Out Of Office, or away messages,
Do an fw unload target and then try to connect to the firewall from the gui.
Verify the rule base and make sure none are restricting you from connecting.
Ciaoo
Carlos Roque
Hi master of firewall-1 :)
Hi, I lost of connection to firewall (RCO and Policy editor) when I install
the policy (in
Just an FYI...it appears THERE IS an issue with the
FCS11 with SP5 - SP5a is NEEDED for it to work properly!
- Original Message -
From:
Brian
Fritz
To: [EMAIL PROTECTED]
Sent: Friday, April 05, 2002 7:33
AM
Subject: [FW-1] CP 4.1 SP5 on IPSO 3.4.1
FCS11?
Make sure you have selected in Global poperties allow control conections to
firewall (or something like this), or if you do not want to have this
selected you have to add rules so that the enforcement poit, management
server and gui client modules communicate betwenn them.
I know that
34 matches
Mail list logo
