[FW-1] Adding ssh service

2002-05-31 Thread Ken Chan
Dear all, Does anyone try to add the customized service for ssh as I cannot find it in all the service type? How can I add it? Thanks. Ken Ken Chan Email: [EMAIL PROTECTED] Tel: (852) 2608 6226 Fax:

Re: [FW-1] Installing NG on 2000 server

2002-05-31 Thread Haim Chibotero
love 2 get answers regarding step by step approach on securing (OS Hardening) of NT 2000 server for NG ?? Thanks in Advance Haim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thu 5/30/2002 6:25 PM To: [EMAIL PROTECTED] Cc: Subject: Re:

Re: [FW-1] Adding ssh service

2002-05-31 Thread Lars Troen
New tcp service, port 22, source port 512. Lars -Original Message- From: Ken Chan [mailto:[EMAIL PROTECTED]] Sent: Friday, May 31, 2002 09:18 To: [EMAIL PROTECTED] Subject: [FW-1] Adding ssh service Dear all, Does anyone try to add the

Re: [FW-1] Adding ssh service

2002-05-31 Thread Sam Zhang
Add TCP and UDP port 22. -Original Message- From: Ken Chan [mailto:[EMAIL PROTECTED]] Sent: 2002531 15:18 To: [EMAIL PROTECTED] Subject: [FW-1] Adding ssh service Dear all, Does anyone try to add the customized service for ssh as I cannot find it in

Re: [FW-1] Installing NG on 2000 server

2002-05-31 Thread Brokenshire, Steve
When I installed FP1 on 2000 it ran as part of the installation a lock down feature for the 2000. Appears to be OK -Original Message- From: Haim Chibotero [mailto:[EMAIL PROTECTED]] Sent: 31 May 2002 09:57 To: [EMAIL PROTECTED] Subject: Re: [FW-1] Installing NG on 2000 server love 2

Re: [FW-1] Installing NG on 2000 server

2002-05-31 Thread Serge Vondandamo
What windows services did you disable and which ones did you leave? Did you touch the registry? Anonymous restrictions and so on? Any tips ? Thanks, Serge -Original Message- From: Brokenshire, Steve [mailto:[EMAIL PROTECTED]] Sent:

Re: [FW-1] Installing NG on 2000 server

2002-05-31 Thread Brokenshire, Steve
There is a checkpoint knowledge base article on NT , most of the items will apply to 2000 as well it is Solution ID: 55.0.4232373.2607295 -Original Message- From: Serge Vondandamo [mailto:[EMAIL PROTECTED]] Sent: 31 May 2002 10:26 To: [EMAIL PROTECTED] Subject: Re: [FW-1] Installing NG

[FW-1] Origin of 127.0.0.1 in log causing Alert.

2002-05-31 Thread Christopher Collins
Has anybody else seen this pattern in the log files? This happens to us on an irregular basis. Yesterday there was 110 entries throughout the day. The only thing that changes between the entries is the Num, and Time; everything else is the same. There is no information to go on, so I

Re: [FW-1] SecuRemote causes BSOD?

2002-05-31 Thread Grabowski, David
I've got the same problem with SecuRemote NG FP1 on a W2K laptop with a D-Link DWL-650 wireless card. It's a conflict with the D-Link configuration utility, which loads in the StartUp group. Solution: Remove the D-Link config utility from the

Re: [FW-1] Scheduled fw logswitch no workie-- any ideas? :)

2002-05-31 Thread Drake, Brian
I had a problem similar to this. Try setting the checkpoint service to start under the admin account not the system account. This cleared up all of my issues. Brian Drake Central Technology Services -Original Message- From: Russell Washington [mailto:[EMAIL PROTECTED]] Sent: Wednesday,

[FW-1] Redundant Management Options

2002-05-31 Thread BillO
Can anyone give me the benefit of their experience regarding redundant management. Dealing with a worldwide implementation of Checkpoint Firewalls and the customer is concerned with having redundant management servers in the case that a connection goes down between the management server and the

Re: [FW-1] Scheduled fw logswitch no workie-- any ideas? :)

2002-05-31 Thread Jeremy Morrill
I have found that if your log file is larger than a couple of hundred meg the logswitch will fail on WinNT/2k. Try doing a fwstop, move the contents of the $FWDIR\logs directory into another directory outside of the logs directory. Do a fwstart and wait 5 min and try your fw logswitch

Re: [FW-1] Installing NG on 2000 server

2002-05-31 Thread Reese Dearing
The best source I've come across is PhoneBoy's (Dameon D. Welch-Abernathy) book titled Essential Check Point FireWall-1. It covers both of your concerns and a lot more. Reese Haim Chibotero [EMAIL PROTECTED] Sent by: Mailing list for discussion

[FW-1] Need help re-establishing SIC

2002-05-31 Thread Layne Meier
We are changing our ISP. They have assigned us a Class C Subnet that we had our FireWall Management server assigned to. We have a total of 4 FireWall-1 Enforcement Modules. 2 of these enforcement modules are connected to the same switch as our management server. These have retained their SIC.

[FW-1] Test

2002-05-31 Thread Layne Meier
I tried sending a message about 20 minutes ago and haven't seen it yet. Just testing to see if this one shows up. Thank you, Layne Meier = To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the

[FW-1] Initial SIC Comm. failure after upgrade to NG FP1

2002-05-31 Thread Kalat, Andrew (ISS Atlanta)
Good day all, In upgrading a number of remote FW modules, we are seeing about 50% failing to make the initial SIC connection after the reboot during install. This, along with the default filter, locks us out of the FW and makes our life very difficult. We are following the exact same

[FW-1] VPN Problem ERROR OCCURRED SKEME:IKE

2002-05-31 Thread Fab Jonni
Hello everyone, this below is my networks sketch where I set up a tunnel VPN between 2 FW-1 4.1 : LAN-A - Cisco VPN 3000 Concentrator-1 FW-1 =TUNNEL-VPN FW-1Cisco VPN 3000 Concentrator-2--LAN-B Now when I try to ping to a server in LAN-B from LAN-A everything works

Re: [FW-1] VPN/IKE cannot calculate IKE ranges problem

2002-05-31 Thread Rob Iaboni
Fixed my own problem. It ended up being that my external network object definition was wrong. Robert Iaboni Systems Administrator Waterfront International Ltd. Tel: 416-368-6500 E-mail: [EMAIL PROTECTED] -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL

Re: [FW-1] NG upgrade on Solaris

2002-05-31 Thread Sadir Al-khafaji
two tips ! 1. pkginfo | grep CP to make sure it is installed. 2. env to make sure you have in the PATH otherwise there is a .file you have to execute to get the path. [EMAIL PROTECTED] wrote: Hi Gurus, We are upgrading our checkpoint firewall ver 4.1 to NG. First we start upgrade the

Re: [FW-1] AW: [FW-1] NG on Solaris

2002-05-31 Thread Gabriel E. Gaitán L.
Hi, I followed this procedure ... I applied the Feature Pack 1 and I obtain this message: # cpstart Start cpshared SVN Foundation: Starting cpWatchDog SVN Foundation: Starting cpd SVN Foundation: Starting snmpd SVN Foundation started Start fw-1 FireWall-1: starting external VPN module -- OK FireWall-1:

Re: [FW-1] Installing NG on 2000 server

2002-05-31 Thread drajan
lock down feature? Is it a new feature? what does it do? Does it removes all the unwanted and possible weak services? Also, as serge suggested, what are the services/registry settings that were done manually. thanks, God i love this list.. -dev K.R.Devarajan CrossAccess Corporation 2900,

[FW-1] Location of CVP Manager

2002-05-31 Thread Spadafora, Robert (CA - Toronto)
Hello All, I've noticed from documentation that "The CVP Manager can be installed on the VPN-1/Firewall-1 Module that will be invoking it, or on a different machine". If I want to go with the "or on a different machine" option, does the different machine have to

Re: [FW-1] Merging two FW1 management servers

2002-05-31 Thread MHawkins
Are the objects same name, same IP or are they same name, different IP??? If your duplicate objects are same name, same IP then when you merge the object files together make sure you delete all duplicate entries by cutting the duplicates out. BEWARE - kiddies don't do this at home. If your

[FW-1] VPN And NAT

2002-05-31 Thread Andrade Guerra, Marcelo
Hi Gurus, I need configure VPN between SAP America and my network, The problem is that SAP demands to me that the server who connects must have valid IP Address, my server have invalid ip address but have NAT Static with valid IP address, and NAT is OK, but when my server connect across the VPN

Re: [FW-1] Location of CVP Manager

2002-05-31 Thread Drake, Brian
I believe that it can run on anything. No Checkpoint involved. Brian Drake Central Technology Services -Original Message- From: Spadafora, Robert (CA - Toronto) [mailto:[EMAIL PROTECTED]] Sent: Friday, May 31, 2002 11:33 AM To: [EMAIL

Re: [FW-1] VPN And NAT

2002-05-31 Thread Rowden, Ben
Hi, I think this means that you have not configured both sides of the VPN tunnel with the same encryption configuration options. As a note, in order for NAT'd encryption to work you need to use UDP encapsulation. Regards Ben -Original Message- From: Andrade Guerra, Marcelo

Re: [FW-1] VPN And NAT

2002-05-31 Thread Hal Dorsman
This is the best discussion I've seen on this topic: http://www.isp-planet.com/technology/2001/ipsec_nat.html Called Slipping IPSec Past NAT enjoy Hal -Original Message- From: Andrade Guerra, Marcelo [mailto:[EMAIL PROTECTED]] Sent: Friday, May 31, 2002 10:52 AM To: [EMAIL

Re: [FW-1] VPN Problem ERROR OCCURRED SKEME:IKE

2002-05-31 Thread Rowden, Ben
Hi, Are you sure this diagram represents the architecture you want? If yes, then what is the Cisco kit for? Not sure why you have this problem, but I would check that you have the same set of VPN configuration options on both FW-1 boxes. Regards Ben -Original Message- From: Fab

Re: [FW-1] VPN And NAT

2002-05-31 Thread Don
As a note, in order for NAT'd encryption to work you need to use UDP encapsulation. That only applies to SR and the original post suggested a Site to Site VPN. I need configure VPN between SAP America and my network -Don

Re: [FW-1] Merging two FW1 management servers

2002-05-31 Thread BillO
Personally I think you would be better off manually rekeying all objects and naming them accordingly in the enterprise management server. the other method will work eventually, as the mike says. I imagine that your single gateway implementation is not t big though. the greater the

[FW-1] Weirdness with VRRP/State Sync and NG FP2 on Nokia

2002-05-31 Thread Mike Hickey
I have a pair of Nokia's running IPSO 3.5 and NG FP2 with VRRPmc and state sync. I have some queries/problems: Traffic initiated from the external interface on the secondary firewall (eg dns, ntp) goes out fine but the reply traffic is picked up by the external interface (the real ip not the

Re: [FW-1] VPN problem

2002-05-31 Thread Anthony Mendoza
The fix I received for this from checkpoint was to use mac_xlate (true) // (Default is false) in the options section of my userc.c file on the secureremote clients.. this seems to have solved the issue for me.. Anthony Mendoza wrote: Are you using DHCP for to obtain DNS services on your

Re: [FW-1] VPN And NAT

2002-05-31 Thread Jim Parker
Is there a block on UDP port 500 on the networks between endpoints? No response would suggest connection failure. -Original Message- Subject: [FW-1] VPN And NAT HI Gurus, I need configure VPN between SAP America and my network, The problem is that SAP demands to me that the server who

Re: [FW-1] Weirdness with VRRP/State Sync and NG FP2 on Nokia

2002-05-31 Thread BillO
I have a pair of Nokia's running IPSO 3.5 and NG FP2 with VRRPmc and state sync. I have some queries/problems: Traffic initiated from the external interface on the secondary firewall (eg dns, ntp) goes out fine but the reply traffic is picked up by the external interface (the real ip not

Re: [FW-1] Checkpoint NG test exam

2002-05-31 Thread rnuss
Hi, I am taking the NG Admin exam and have heard a lot about Checkpoint testing on experience as well as what was taught in the class. I do not have much experience and was wondering if anyone knows of sample questions for the exam so I know what to study for. thanks -Rob

Re: [FW-1] Securemote fails to bind interface

2002-05-31 Thread Anthony Mendoza
Jeff LaCoursiere wrote: Hi, I have a securemote user on DSL with a wireless home network. His particular wireless device is USB based (Buffalo 11MB) on Windows 2000. Securemote refuses to bind the interface, however. If he puts a PCMCIA based wireless card in the same laptop it binds and

Re: [FW-1] Checkpoint NG test exam

2002-05-31 Thread Zeltser, Roman
Rob, I don't want to be annoying to this list but you can find many certification-related links here: http://www.rtek2000.com/Tech/I-SecureLinks2.html ** Roman Zeltser, @National Computer Center, RSIS DNE -Original Message- From: [EMAIL PROTECTED]

Re: [FW-1] CheckPoint on Linux (is iptables doing the work)?

2002-05-31 Thread Sheehan, Mac
huh -Original Message- From: Tom Tucker [mailto:[EMAIL PROTECTED]] Sent: Friday, May 31, 2002 2:45 PM To: [EMAIL PROTECTED] Subject: [FW-1] CheckPoint on Linux (is iptables doing the work)? Hello all! Does the Checkpoint software on Linux use

Re: [FW-1] CheckPoint on Linux (is iptables doing the work)?

2002-05-31 Thread Oscar Castaneda V.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 No tom, Firewall-1 does not use ipchains/iptables. It uses its own firewall implementation which runs the patented INSPECT Virtual Machine. This immerses into the operating system intercepting and analyzing all communications.