After upgrading from 4.1 to NGfp2 we're getting this message. The problem is however
that we have only *ONE* interface defined as external. It's however a static nat'ed
address that is contacted when this log entry appears. Anyone else seen this?
Lars
Guangcheng Wen wrote:
Hello Gurus,
The telnet session to a FW-1(NG FP3) from local net will time out
if there is no activity for some period of time. How to set the period
for long time connection without time out?
Thanks in advance.
Check properties for the telnet services.
Timeout can
Aaron,
You should use the IP Pool NAT address or the SecureClient Pool IP if you're using
that. Works fine with vnc and NG.
Lars
-Original Message-
From: Aaron Reynolds [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 04, 2003 00:29
To: [EMAIL PROTECTED]
Subject: [FW-1] NetOP back to
Hello,
Many thanks to Marc Elsen and Lars Troen.
OK, I get it.
Cheers,
--Wen
From: Lars Troen [EMAIL PROTECTED]
Subject: Re: [FW-1] Telnet session times out
Date: Wed, 5 Mar 2003 09:15:18 +0100
Message-ID: [EMAIL PROTECTED]
Lars.Troen Manage / Services / telnet /Advanced / Session timeout
Hi,
I hope you can help me because my management network is down ;(
I'm running Management and FWs modules in a Nokia IP650 box.
FW-1 Checkpoint version 4.1-SP6 under ipso
Recently I changed the IP address of the FW Management.
That meant I run cpconfig in the fws managed by that one and fw
How friends,
Anybody know how to block Kazaa
Thanks
Block Port UDP 4662
-Original Message-
From: Muhammed Riyas Kunhi [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 5 March 2003 10:39
To: [EMAIL PROTECTED]
Subject: [FW-1] Kazza
How friends,
Anybody know how to block Kazaa
Hi all,
I have firewall1 4.1 on Nokia IPSO, I have the last upgrade of hard and
soft, and my firewall continues to reject a few ftp connections, but this is
only on server with freebsd and proftpd?
Anyone has an action to break this kind of reject? What is the cause of
that, freebsd or proftpd?
yeh, Install a firewall :O)
Robert Rutherford
|-+--
| | Muhammed Riyas Kunhi |
| | [EMAIL PROTECTED] |
| | Sent by: Mailing list for |
| |
Hello friends,
I just have a big problem in my network... Some people are accessing Kazaa, and I don't know how to stop that in my FW.
Anybody knows how to block Kazaa
Thanks
Luis Gonçalves
I have an external Mac user trying to access an ftp server, but he's not able to do
anything. We're not using the ftp security server, but SmartDefense is triggering.
Both the client and the server are behind natted gateways. Can anyone explain what's
happening? I'm a bit sceptical on
Hi Luis
Start by going to your managers and ask them to make it clear to people that this is
not acceptable, then allow only the protocols out of your site that people
really need, i.e. port 80, 22 (ssh) 21 (ftp) and 25 (smtp) this is also a wise
move when we have all the late worms in
Which firewall? You should really be blocking everything, except specific
ports that you decide to allow, i.e. HTTP, DNS, etc.
Robert Rutherford
|-+--
| | Luis Goncalves |
| | [EMAIL
Is Kazaa using HTTP tunneling? If so, you should consider blocking
access to the specific Kazaa login IP Addresses. Just a thought.
Cheers,
Dimitris.
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Luis
Goncalves
Sent: Wednesday,
There is at least one "service" out there that provides a tunnel via http.
http-tunnel.com is one. I would find all of these servers and block them.
I have 20 of http-tunnels servers blocked.
Clearly the only reason for these things to exist is to circumvent firewalls.
Andy
Luis
Check this document
http://support.checkpoint.com/kb/docs/public/firewall1/ng/pdf/windowsmediaplayer.pdf
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] Behalf Of
Chontzopoulos Dimitris
Sent: Wednesday, March 05, 2003 2:06 PM
To:
Nitass,
I have done this on Nokia 120/210 and it is straightforward but you do
need to remember that there is more than one place where you need to
change the IP address.
Using Voyager to access the system via the internal interface
Go to Configure - Interfaces and change the IP address of the
Apart from the http-tunnel.com "like" servers, I believe that Kazaa is
able to perform http tunneling by itself, that is, it can connect to its "root"
or "login" servers by using http. I also believe that Kazaa is actually capable
of connecting to its "root" or "login" (you
Is an upgrade but was working fine for a lot.
Making a test I saw that the problem is FW1_ela connections received by 1
Floodgate remote module... if I drop that connection all runs ok.
Any ideas?
Seems that the problem starts when 1 hard disk broke and we have rebuilt a
new one with RAID 5
At
thanks.
Luis Goncalves
- Original Message -
From: Andy Druda
To: [EMAIL PROTECTED]
Sent: Wednesday, March 05, 2003 12:19 PM
Subject: Re: [FW-1] Kazaa
There is at least one "service" out there that provides a
tunnel via http. http-tunnel.com is one. I would
Can anyone provide a listing of these type servers?
Thanks,
Curt
-Original Message-
From: Luis Goncalves [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 05, 2003 8:08 AM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Kazaa
thanks.
Luis Goncalves
I solved it. It was caused by a missing route entry for this particular public address.
Lars
After upgrading from 4.1 to NGfp2 we're getting this message.
The problem is however that we have only *ONE* interface
defined as external. It's however a static nat'ed address
that is contacted
Hi,
I see a lot of posts on this topic so
sorry if I'm going over old ground. I have been looking into blocking all
peer to peer file sharing. There is a document on the Checkpoint site in Secure
Knowledge that details what can be done -
Solution ID: sk15150
Title - Peer-to-Peer (P2P)
Doesn't SmartDefense do http filtering for P2P
-Original Message-
From: Muhammed Riyas Kunhi [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 05, 2003 4:39 AM
To: [EMAIL PROTECTED]
Subject: [FW-1] Kazza
How friends,
Anybody know how to
Can someone explain
exactly what happens when a SecuRemote/SecureClient creates a Checkpoint
Certificate (obviously after it's been set up on the Firewall) that makes only
that system work with the certificate. How does the firewall know that the
SecuRemote user's computer doing
Thanks David.
Actually is there a way to use scp instead of tftp?
It seems there is a cut down version of openssh installed on SecurePlatform
- has scp but no ssh or slogin, etc. And I can't get the scp to work
(complains about no /usr/bin/ssh).
Huiqi
David Crowfoot
We are configuring a DMZ network in a HA environment using VRRPmc. Our DMZ
interfaces are connected directly to the CSS boxes. What's happening is
that our DMZ interfaces are both showing up as Master. I was told that this
is because the CSS boxes are not allowing or configured to participate to
Hi.
Firstly, greetings for everybody since this is my first post to the list.
I'm installing the version 1.3.0b of the firewall on a Solaris 5.8 for Intel
machines; this version of the firewall was distributed by Sunsoft before
breaking up with Checkpoint.
The main package of the program
Hello,
I was recently trying to find the LDAP Account management client on the
Checkpoint site for downloading.
I couldn't see it anywhere ...
I have downloaded it before.
Has it been moved/removed/re-named?
Does anybody know where it can be downloaded from now?
thanks
Josh
Josh Fry
I need advice:
Background:
· we test the development of new web pages on internal web servers
· we confirm that all aspects of the web pages are working as expected
· we then replicate that new information to the public web servers
· we have 2 ways of doing this right now both
This is how I got it to work:
Install openssh-clients-3.1p1-6.i386.rpm from RedHat 7.2
rpm -ivh --nodeps openssh-clients-3.1p1-6.i386.rpm
For fully automated, you will need to setup your identity files between the
firewall box and whatever system you are copying to so that there is no
Title: RE: [FW-1] FW-1, NAT and SSL
I'm looking for the file $FWDIR/boot/modules/fwkern.conf, but it's not there.
Is that a file I have to create manually or what?
This is NG FP2 and FP3 on Red Hat 7.3 with 2.4.18-5 kernel.
Regards,
Torkel
Hi All,
We have a clustered environment using ipso and fw-1 4.1sp6
I have a problem in that dns request replies are being dropped because the
reply is coming back through the other firewall. The difference in time in
the outgoing connection to the reply is around 2-3 seconds. I thought this
I find that WinSCP works although you do get errors, I find it's the fastest way to move
files around.
Hope this helps.
Rgds
Wycliffe
-Original Message-
From: Huiqi Liu [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 05, 2003 3:41 PM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Backing up
Hi, I have a small issue with this product. We have 3 interfaces, one to the outside
world ...90, and two internal ones.
What we are trying to achieve is for smtp traffic to be routed to the internal mail
server. The MX record points to ...91 internal ip 192.168.2.11
we
After doing some
research and testing, a certificate issued by the CA from FW1 can be used on
more than one computer, I wasn't under this impression. I thought whatever
system asked for the certificate, and once it was created it could only be used
on that system. So
Title: RE: [FW-1] FW-1, NAT and SSL
Hi Gurus,
I would like to install one of our FW 4.1 modules on Windows 2000 Server SP3.
Does Checkpoint 4.1 support it? Are there some serious issues that I might face?
How to secure it? What services to disable?
Thanks for your help,
Regards
Are not your Internal and DMZ servers behind the same FW?
-Original Message-
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Christopher Collins
Sent: Wednesday, March 05, 2003 8:53 AM
To: [EMAIL PROTECTED]
Subject:
I assume these are windows boxes because you mentioned
Netbios. SFTP (ftp over ssh). VanDyke makes some ssh and
sftp daemons and clients that run in Windows. You could also
set up a vpn between the boxes (at least you can encrypt the netbios traffic over
the vpn). If you were
Hello list,
First post, I guess I'm looking for a quick answer from Checkpoint about the following
bugtraq post from last night - I was wondering if the XSS issue reported below
affects LOG Viewer Version 4.1 Build 41710. I'm _not_ concerned with the log
corruption part of the reported
I am using websense for http filtering and there are 3 premium groups (which costs
extra!!) In the groups there is a section for peer to peer blocking.
It does a much deeper packet inspection with the premium groups and it is supposed to
find/stop any tunneling under http. Before we purchased
Secure Platform Edition 2 Cluster XL FP3 Problem
Hi all together,
I have some difficulties configuring cluster XL on secure platform fp3
I have 2 enforcements and a dedicated management server, my cluster is
running in load sharing mode.
I don't know how to set up multiple cluster ip addresses
I've got this pair of IP530's running 3.6 FCS4.
When I'm consoled to the boxes and initiate a ping x.x.x.x it takes like
45-60s before the Nokia actually initiates the ping. When I ping one of
its interfaces it begins right away.
Also, from my laptop, when I telnet and/or SSH to the FW's it
Hi all,
I need help, maybe anybody has experience with this
I have the network below
--
Router
--
|
|
--
Firewall
--
|
|
IBM AS/400
Router is connected to WAN cloud with Frame Relay , and
Hello,
I want to make a cgi program that registers users with shared
secrets (fw1isakmp-sharedsecret attribute), stored in LDAP.
There's fw ikecrypt to create shared secrets, so I want to use this.
How can I call fw ikecrypt in VPN from a cgi program in a web server?
Hyun
45 matches