Title: MSN Messenger
Well..
It works perfectly here.. One thing that we have configured in the Exchange
System Admin on the Instant Messaging Settings properties,is the Firewall
Topology with our internal networks etc. I don't know if this is the root of the
problem, but it works here and
Title: Message
If you
are using swithces you will need to set a port monitor and configure it to
recieve traffic for all the ports.
I
normally set this up at the install stage and inform the customer, but your
managed service provider may not have done this.
If
this isn't the case at
After what period of time does the connection get dropped? If it is
after 1hour I would suspect IPSO flows. Upgrade IPSO to 3.5 or better...
Derin
-Original Message-
From: Shahkamal Shah [mailto:[EMAIL PROTECTED]]
Sent: 10 October 2002 17:11
To: [EMAIL PROTECTED]
Subject: [FW-1]
Good Day All,
I have configured my firewall log manager to start a new log every night at
midnight. It was working fine for awhile and then it stopped. The
appropriate configuration is there and i have pushed the rules serveral
times but no luck.
I am using solaris 7 and NG FP2Can anyone
Dear all,
I have NG FP2 cluster installed on IPSO 3.6 and following strange drops:
240891 10Oct2002 20:13:19 VPN-1 FireWall-1 eth-s1p3c0 10.255.64.245
log drop65.192.13.163 10.255.65.125
message Virtual defragmentation error: Timeout ip_id 8515 ip_len 0
this is due to the overhead in the using the default packet size on your
clients. To solve this you can either set pMTU to on or set the MTU on your
clients to say 1300 bytes.
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, October 11, 2002 2:51 PM
Title: Message
Is the
problem that you don't know what the trap is? and possibly
why?
Or is
the problem that you expect both boxes to be generating these
traps?
For a
simple test from the command line of the Nokia box you can run: snmpstatus 10.1.1.1 public
You
can do it of itself and
hi,
I got the same problem also, It only after I upgrade to NG FP2. Does any experience the same problem in FP3?
chiam
Singapore
Don Leeper [EMAIL PROTECTED]11/10/2002 08:43 PM
Sent by: Mailing list for discussion of Firewall-1 [EMAIL PROTECTED]
Please respond to Mailing list for
All the CPspupgrade_FP3.tgz does is upgrade the SecurePlatfrom
to FP3 (the Linux OS only), none of the modules are upgraded during this
process. You have to run the install for each of the modules that you have
installed, i.e., SVN Foundation (must be 1st), VPN1/FW1, Performance Pack,
I'm also facing the same problem when I do a tracert from priv IP.
but when I do tracert from public ip there is no problem
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Fri 10/11/2002 11:58 PM
To: [EMAIL PROTECTED]
I am running FP2 as well. I didn't
have this problem before.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Sent: Friday, October 11, 2002
6:58 AM
To:
[EMAIL PROTECTED]
Subject: Re: [FW-1] tracert
question?
hi,
I
got the same problem also, It only
I actually have a couple with private IP's that will work. They are redhat
boxes, but I also have some that don't work. I just can't figure out what
the issue is. Not one of my windows boxes will work. If someone has an idea
please feel free to let us know.
-Original Message-
From:
Isn't
this because of dissallowing icmp replies? Maybe
someone who understands icmp better than I can explain it to
us.
To
support this theory is the fact that unix traceroute works,
which
uses
udp.
Hal
Hal Dorsman Network Administrator Rocky Mountain
Elk Foundation Missoula, Montana
There's comfort in knowing I wasn't the only one with this problem!
A workaround that worked for me was to remove the Automatically adjust for
daylight savings time and set the time correctly.
-Original Message-
From: Arno Hechenberger [mailto:[EMAIL PROTECTED]]
Sent: Friday, October
There was a bug in FP2 related windows traceroute. Also Checkpoint has
released hotfix named SHF_FW1_FP2_0058.w2k.zip. May be your problem is
related with this issue.
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED]]On Behalf Of Don
Title: Message
This
is because if the difference between the windows and the unix
traceroute..
If you try the same from an unix machine it will
work fine...
unix
traceroute is udp based...
this
problem is fixed in NG FP3
cheers
Sigi
-Original Message-From: Don Leeper
Hello all,
We do not yet have an anti-SPAM relay within our environment.
We see a lot of mail coming in that is sourced from the person it is
destined to. With Outlook messing with the header information, we don't get
a good sense of where it originated but my question is this:
How would you
Hal Dorsman wrote:
Isn't this because of dissallowing icmp replies? Maybe
someone who understands icmp better than I can explain it to us.
To support this theory is the fact that unix traceroute works, which
uses udp.
But the responses are still ICMP lifetime exceeded no matter whether
How did you overcome it?
Reginaldo Moreno wrote:
Yes, but others servers.
- Original Message -
From: "Graham Schofield" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, October 09, 2002 12:54 PM
Subject: [FW-1] SecurePlatform
Has anyone experianced problems
Hi !
I have a NG FP3 on Windows2000 Adv Server and noticed the same problem !
I am located in AUSTRIA. So I thought the reason is GMT +1. But in this case I think
this is a bug !
Arno Hechenberger
citydata
-Ursprüngliche Nachricht-
Von: Schmahl, Rick
Hi
I am having problems setting VPN-1 SecuClient NG to connect VPN 1/ FW1
gateway. I have configured the gateway as follows
1. A workstation object represents the machine where the gateway is
installed. VPN is configured for IKE with 3-des for key exchange, MD5 for
data integrity, and pre-shared
Can someone tell me why, when I do a tracert I get request
timed out but when I get to the address it comes back. My internals are nated
to the fw external ip. I allow my pc anywhere. What is the issue with this. I
copied what I see down below. Thanks in advance.
Tracing route to
Title: RE: [FW-1]
Hi Sanket
This is just a list you might want to check before anything else...
1. Make sure you have the license for Secure remote installed.
2. Make sure your network object for your firewall has the VPN enabled domain exported for Secure remote (checkbox) and of course in
Hi,
This is how I did it,
1.In the gatway object properties / VPN make sure exportable for secure
remote is ticked.
2.Create a rule which says:
secureremote@anyDestination Network Any Client Encrypt
LongGateway
3.In Client Encrypt properties make sure source and
I tried to add a customer in Provider-1 NG FP2 today,
but it timed out. When I tried to add it again, it said
that the object was already defined.
I managed to fix it by deleting the customer in customer.C
file, but I was just wondering why this is happening?
Regards,
Torkel
One of my customers is experiencing the same error message on a simpler
configuration when the OWA box on the DMZ tries to authenticate with the
internal PDC.
This has been working fine, and no changes have been made. The log entries
look like this:
action-ACCEPT, service-NBDATAGRAM, source-OWA,
Not sure if you read my saga earlier, but WIN2K looks like a dodgy platform for NG.
I went to NT 4.0 FP3 and everything works as it should.
Symon
-Original Message-
From: Neil De La Cruz, CISSP [mailto:neil;APPLIEDNETSYS.COM]
Sent: 11 October 2002 21:25
To: [EMAIL PROTECTED]
Subject:
Title: RE: [FW-1] FP2 client auth ssl
A hotfix was recently released to address this issue. Contact your support provider to get it.
Alternatively, I have been told by one source that this is fixed in the current FP3 binaries (at least for IPSO)
-Original Message-
From:
Hi,
I am configuring a VPN link between a Checkpoint 4.0 on Nokia IP330 and a
Cisco 2621 VPN router. When configuring ISAKMP encryption parameters on
Checkpoint 4.0 gateway, I couldn't find where to set the IKE SA lifetime and
IPsec SA lifetime values.
Can someone tell me how to find out what
If you are using DHCP, the MAC address is the unique identifier unless
you are using DHCP client ID's (which generate a seperate hex code for
unique ID)...scan through your DHCP logs for the MAC..
Sometimes you need to look at the easy answers 8-)
-Mike
On Friday, October 11, 2002, at
30 matches
Mail list logo