It's possible to do source address NAT, based on destination, if you use
manual NAT rules. They would have to sit higher in the Address Translation
rulebase than the automatic NAT rules (which it sounds like you're using).
If that doesn't work, I'd suggest doing manual NAT rules for both cases; a
Title: VPN/NAT help need for FW 4.1 and Netscreen 5XP.
When you say "tracert the NetScreen network" are
you saying that traffic initiated from the HQ network is getting a reply from a
router between the FW-1 and the NS boxes?
If that *is* the case... the HQ-initiated traffic
isn't going
Hello!
We have NG FP3 with site-to-site VPN connection.
This VPN connection works OK, but sometimes he receive Drop messages with
the following error message:
encryption failure: decrypted methods didn't match rule.
This message is receive for SMTP connection (on separated rule with the same
Tony,
As far as I know when you open the GUI it always displays the most recent
saved (PullDown - File - Save[as]) policy, no matter if it is the
installed policy or not. I would open the installed policy from file and
explicitely save it back to the mgmt. I guess this should fix your problem.
Mark Pace Balzan a crit:
[FW-1] fw-1 4.1 on solaris7 trouble
Hi All,
hello
I subsequently also get a Unable to to open '/dev/fw0':
No such file or
directory
It looks like your solaris install didn't execute well.
the CPfw1-4.1 postinstall script should have
Title: VPN/NAT help need for FW 4.1 and Netscreen 5XP.
Hi
Russell,
First, I
have both policies set on the NS but when I enabled the VPN tunnel; there is no
traffic at all. Request timed out.
So, I
decided to test the allow/permit to see if I can get some sort of connectivity
and the
Hi,
since we've upgraded our 4.1 to NG FP3 some users report that
mails that come from mailing-lists are destroyed.
I think that have something to do with the mail-header size.
How can solve this problem ?
greets
Chris Malik
--
=
To set
There´s a known issue about some packets, rejected by Unexpected SYN
response, and it´s solved by Hotfix 1.
It could be the problem.
Mauricio F. Muñoz Quevedo
Security Consultant
Etek International Holding Corp- Colombia
Chris Malik wrote:
Hi,
since we've upgraded our 4.1 to NG FP3 some users report that
mails that come from mailing-lists are destroyed.
I think that have something to do with the mail-header size.
How can solve this problem ?
Did you install HF1 also in combination with FP3 ?
Have some
Greetings!
Alberto wrote:
I've the same problem... It's with e-mails with To: field larger than 1
kbyte. I'ver been told it's a bug, but CP support doesn't give you the
patch if you only have software subscription.
since we've upgraded our 4.1 to NG FP3 some users report that
mails that come
I have an annoying problem using SmartView Tracker on my Win2K PC;
it often crashes just after auth. to the management server.
Often I have to try 2 or 3 times using/starting this 'smart' tool,and
then I 'get through'...
Win2k says that an error log is being generated.
Provided you don't
Can these two co-exist on the same machine? I have 4.1 Firewalls that I am
in control of and in our Corporate office we have an NG firewall that
handles VPN connections. I need to be able to look at logs and such on the
NG one. Can I install the client for it and at the same time not break my
4.1
Greetings!
Tim Parker wrote:
Can these two co-exist on the same machine? I have 4.1 Firewalls that I am
in control of and in our Corporate office we have an NG firewall that
handles VPN connections. I need to be able to look at logs and such on the
NG one. Can I install the client for it and at
Unsuscribe me thanks
=
To set vacation, Out Of Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=
To unsubscribe from this mailing
Tim Parker wrote:
Can these two co-exist on the same machine? I have 4.1 Firewalls that I am
in control of and in our Corporate office we have an NG firewall that
handles VPN connections. I need to be able to look at logs and such on the
NG one. Can I install the client for it and at the same
Great! I was hoping that was the answer! Thanks for the quick reply.
-Original Message-
From: Volker Tanger [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 12, 2003 9:13 AM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] FW1 4.1 Client and NG Client Software...
Greetings!
Tim Parker
Yes, it works fine for me. I have customers with both version and is
manageing these from the same box.
/ Stefan Alkman, Martinsson Informationsystem AB, Sweden
Tim Parker [EMAIL PROTECTED]
Sent by: Mailing list for discussion To:
[EMAIL
Beware that cluster xl on Solaris has problems with
security servers and other functions.
In general, the basic firewall stuff works.
1. The addresses of the cluster members may be anything,
but the addresses of the cluster object is routable.
The inside and DMZ legs may be
Hi all,
I have a infraestructure of two Nokia boxes with IPclustering
(IPSO 3.6 FCS 4) with Checkpoint Firewall-1 and VPN-1 Pro FP3
HF1.
I have configured the infraestructure with the document of
www.digitalmigrations.com where explain how to configure
without VPNs. Everything works properly
=
To set vacation, Out Of Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=
To unsubscribe from this mailing list,
please see the
ah, so they've known that RFC when developing FP3?
and, what about email clients? none of them accomplish RfC 821?
Regards.
Volker Tanger wrote:
Greetings!
Alberto wrote:
I've the same problem... It's with e-mails with To: field larger than 1
kbyte. I'ver been told it's a bug, but CP
Title: SecuRemote and ClusterXL
Hallo,
we have two nodes Checkpoint NG FP3-HF1 on Solaris 2.8 installed
with ClusterXL.
Each node has an ip-nat-pool for use with VPN client connections.
When both nodes are aktive, some times the client-ip is not natted to a pool-ip,
but the destination-ip
Hi,
We are planning to upgrade our Provider-1 4.1 SP-4 to SP-6 and have
never done this before. I read this in the release notes:
mdsstop
mds_install
Is this it?
Regards
Petra
=
To set vacation, Out Of Office, or away messages,
send an email to
Ive run into a problem trying to update our internal LAN PCs to
Microsofts Update site when using the Websense software. Removing all restrictions on the
Websense package still prevents updates and can only be accomplished by opening
the internal network rule on the firewall to http
It should be that easy yes. I would recommend to test it first though.
Regards,
Torkel
-Original Message-
From: Petra Klein [mailto:[EMAIL PROTECTED]]
Sent: 12. februar 2003 16:46
To: [EMAIL PROTECTED]
Subject: [FW-1] Upgrading Provider-1
Hi,
We are planning to upgrade our
It looks like, how is not running de HA with this kind of traffic.
You could to review the advanced properties of this TCP
(FW_topo...advanced here you´ll have a checkbox to Clustered this
TCP).
- Mensaje Original -
De: Bahl, Jürgen (I B 5) [EMAIL PROTECTED]
Fecha: Miércoles,
Question 1
In SmartStatus, we see the current firewall connection details. These
include CPU usage, memory usage, total number of accepted packets, etc...Is
there a way to log this information for analysis? If not, how would we log
this type of information - Performance Monitor?
Question 2
When
Greetings!
Alberto wrote:
ah, so they've known that RFC when developing FP3?
and, what about email clients? none of them accomplish RfC 821?
It seems that many clients (checked mutt, Mozilla, Outlook) just pass
the address(es) on unchecked - expecting the next MTAs (sendmail,
postfix,
Title: Message
This
is a known issue with Websense's Premium Group III category. It blocks access to
.vbs file coming from web servers. I've not looked at it this morning but as of
yesterday it was still broken. There is a document in Websense's knowledgebase
about this specific issue.
Title: Message
I am
not sure this is this customers issue, but the PG IIIissue has been fixed
in the latest database build last night. Please let me know if it is still not
working.
Thanks
-Original Message-From: Kinnee, Erick
[mailto:[EMAIL PROTECTED]]Sent: Wednesday,
You should also beware that this will only work with IKE vpn's on firewalls that have
authenticated topology downloads.
Lars
-Original Message-
From: Tim Parker [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 12, 2003 15:28
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] FW1 4.1
M.,
The error log is really the dr Watson log file (drwtsn32.log). Usually located in the
winnt or system32 dirrectory (don't remember exactly).
Lars
-Original Message-
From: Marc Elsen [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 12, 2003 14:18
To: [EMAIL PROTECTED]
Marc Elsen [EMAIL PROTECTED] wrote:
I have an annoying problem using SmartView Tracker on my Win2K PC;
it often crashes just after auth. to the management server.
Win2k says that an error log is being generated.
Provided you don't hit cancel : where is this error log created ?
I can't
I'm going to build a new NG firewall and I don't want to do an inplace
upgrade. The existing 4.1 firewall is running on Solaris. Is there a way,
other than viewing the ugly objects.C file, to export or view all the
hosts, networks, group names and the IP addresses of the host and networks?
For the moment I do not have information about cisco and Lucent cards. Does
someone have insite on those two or on other ones ?
Cisco wifi nic's work fine with Securemote Build 4200
Return-path: [EMAIL PROTECTED]
Date: Tue, 11 Feb 2003 14:33:01 +0100
From: Christian ALT [EMAIL PROTECTED]
Dear NG gurus,
We are having problem to synchronise the Policy
between Management servers in NG FP3 and would
appreciate if someone can give us some hints, tips how
to fix it.
In the pass we setup our management servers as:
Solaris 2.7
CP FW 4.1 SP5 ( Firewall module + Management module on
each
Your synchronization hack days have come to an end. Sorry :( Due to the
internal CA embedded in the management server, you will no longer be
able to just copy files over in this fashion. Actually Check Point has a
nifty new product that is right up your alley. Its called Management
High
Lucent Orinoco Gold 802.11b works with Secure Client builds 4199, 4200 and
53328. So does the Cisco Aironet 340 access point. All using 128 bit WEP.
For the moment I do not have information about cisco and Lucent cards.
Does
someone have insite on those two or on other ones ?
Cisco wifi
Hi, Joerg,
Thanks for reply. The problem is when I opened the saved and closed the
window. The window still remains blank when re-open. Any ideas? Thanks,
Tony
-Original Message-
From: Joerg Fritsch [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 12 February 2003 7:43 PM
To: [EMAIL
We had the oportunity to review the Nokia IP30 as a SOHO firewall. We would
be interested in experiences people had with this device and comparisions
with Checkpoint S-box. One of the major issue that was mentionned to us is
the management function which is free on the IP30 with Horizon Manager
40 matches
Mail list logo