Re: [FW1] KeyInstall

2000-07-12 Thread Emmanuel LUCAS
Hi, OK I understand. But does the "keyinstall" entry on the log file mean that there are exchanges between the SecuRemote client and the Firewall and the server on the encrypted domain ? There is nowhere documentation about that. Now How to use an explicit rule ? I am trying to debug a SecuRem

RE: [FW1] FW1 / Solaris w/ 802.1Q (VLAN) Support?

2000-07-12 Thread Dominik Weis
Hello Steve, We tried to find a NIC(Driver) that is able to support this but we didn't have any luck. Additionally we asked SUN and they told us that it is not supported. Dominik > We have a situation where we need to protect several segments/VLANs (100+) > that we will be putting off a Cisco 65

[FW1] Microsoft WLBS setup...

2000-07-12 Thread Cihan Subasi (Garanti Teknoloji)
Has anyone ever configured WLBS running behind a firewall? Seems like it operates in a different way than a load balancer... I had problems with direct access to a machine which is controlled by WLBS? Cihan Subasi

[FW1] Operating system question

2000-07-12 Thread Aljaz Tomaz RDSI
Hi all! I have 6 networks (100Mbs ethernet), 3 of them will be very busy (high traffic), 1 something in the middle (10Mbs), 2 very low traffic. I will use FW-1 with encryption module, mostly used for dial-in clients (SecuRemote). For that purpose I need a computer with 6 NIC. Could someone tell me

[FW1] Log export

2000-07-12 Thread pschwalger
Is there a way of exporting a log with a filter option using a firewall hostname as the origin of the log entries I am interested in. I currently manage 3 x firewalls with logging back to one management module and want to separate the log exports by source firewall. Does anyone have a batch fil

RE: [FW1] logical interfaces

2000-07-12 Thread Scheidel, Greg
Can your OS support it? Generally yes, but specifics depend on your OS. Looks like you might be talking about Solaris, in which case yes, but you probably already knew that. Can FW-1 support it? Yes, but you have to be careful about defining your anti-spoofing. Create a group containing all o

RE: [FW1] ftp problem

2000-07-12 Thread Scheidel, Greg
Firewall Policy/Properties/Services/"Enable FTP PASV Data Connections" - Off. This setting does exactly the opposite of what you'd expect. "tried to open other host port" is indicative of this problem. Greg S. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] S

[FW1] logical interfaces

2000-07-12 Thread Rick Francis
can one fast ethernet support multiple logical interfaces each with on the same subnet? hme0, 199.123.84.1 hme0:2, 199.123.84.2 hme0:3, 199.123.84.3 hme0:4, 199.123.84.4 ??rf To unsubscribe from this mailing

[FW1] multiple fw-1's to one router

2000-07-12 Thread Rick Francis
suppose multiple firewall-1's solaris servers connect to a hub connecting to a router connecting to a serial pipe to the internet. do users get 'equal' time from the router through this hub? or, is 'equal' time ONLY achieved with multiple direct ethernet links to the router? ??rf

Re: [FW1] Need IP Whois link

2000-07-12 Thread hermit1
http://www.samspade.org/ At 08:44 AM 7/12/00 -0600, mtmorales wrote: >Does anybody know of an IP Whois access page? > >I used to go to a very good one: >http://mjhb.marina-del-rey.ca.us/cgi-bin/ipw.pl >but doesn't work anymore. >Any suggestions will be appreciated. > >TIA. >-mtm > > >=

RE: [FW1] Event Log on NT

2000-07-12 Thread Alastair Caskie
Check out www.phoneboy.com/fw1/faq/0001.html which describes debugging this problem. Also, see www.phoneboy.com/fw1/faq/0002.html to see how the licenses are actually counted! If you want to learn a lot about FW1, check out the rest of Phoneboy's site it is very informative! HTH Alastair -

[FW1] Ports & Vulnerabilities

2000-07-12 Thread Cruiser sg
Hi, Does anyone know where I can find resources about TCP/UDP ports and their possible risks of leaving them opened? Thanks. regards, Cruiser_72 __ Do You Yahoo!? Get Yahoo! Mail – Free email you can access from anywhere! http://mail.yahoo.com/

[FW1] MRTG

2000-07-12 Thread Justin Derry
Has anyone tried using MRTG graphing to get data such as active connections etc.. What SNMP features are supported by Checkpoint Firewall 1 Cheers Justin Derry

RE: [FW1] Checkpoint Experience

2000-07-12 Thread Andre Toussaint
The company I work for (a small company, ~20 users) Got the Checkpoint fw-1/vpn-1 full on deal a little less than a year ago. We had been told they are the best, so we got them (Thank God the General Manager suggested this product, or I'd be in deep crap) We got mucho licenses... fw license, vpn

[FW1] ftp problem

2000-07-12 Thread Patrick Baird
I noticed when moving from NT SP4 to NT SP6a I had to enable PASV FTP to access some FTP sites, they were working before without it enabled... Patrick D. Baird Senior Solutions Developer - MCSE mVest Technology Solutions, Inc. 1700 Paoli Pike Malvern, PA 19355 Wk: 610-407-0100 x305 Cl: 610-74

RE: [FW1] Checkpoint Experience

2000-07-12 Thread Steven Nurse
I too have had the same problem in regards to support and Licensing. I have had problems with our VPN's since the day we bought it. I have gone from support in Australia back to support in the States and finally back to their Head Office. There they finally admitted that they have a problem an

[FW1] Event Log on NT

2000-07-12 Thread Alexander Nelson
My recently implemented firewall is showing some interesting "funny things"... My WindowsNT Event Log (not FW-1 log) is showing some particularly interesting entries. Over the period of 1 sec, my log will be filled with about 27 entries. The first of these - FW1 too many internal hosts det

FW: [FW1] Checkpoint Experience

2000-07-12 Thread Jonah Kowall
What a story!! If you could do it over, what other vendor would you choose? My subscription is going to run out and unless I find a good fw vendor, or switch to freebsd/ipchains, I may be forced to give checkpoint more money for no upgrades. Checkpoint never reads this list, so it's pointless to

[FW1] Checkpoint Experience

2000-07-12 Thread John W. Booth
Dear Checkpoint representatives; We are experiencing very similar problems with our new implementation of our Checkpoint firewalls, and already have different firewalls being tested in our labs. We have learned that the Phone Support for GoldPlus support was nothing more than a voice front-end

[FW1] VRRP and firewall process down - How to check

2000-07-12 Thread skillteam sa
hello, On a Nokia box, if my firewall process crashes and not one of my interfaces, how to swap to the backup box ? regards, Steve.

RE: [FW1] Checkpoint Licensing

2000-07-12 Thread lazarusd
Hi suckers, Yep, as you can read in my "[FW1] FW1 Licence Upg - CONTINUING Saga." emails over the last couple of days, I am currently getting nowhere fast. I wouldn't normally do this but the following emails really show how CP internally, couldn't care less about us "users". Talk about passi

[FW1] ftp problem

2000-07-12 Thread Joseph_Vieira
Greetings, I have FW-1 ver 4.0 and 4.1 on NT machine. I was on Oracle's tech web site http://technet.oracle.com/ to download some software. The web site takes you to a page which has a link to their ftp site. When I click on that link I get a read error. I checked the FW logs and it showed t

[FW1] Checkpoint Experience

2000-07-12 Thread Paul DeHerrera
Dear Checkpoint representatives, I am writing to you as the network administrator for Large Scale Biology in regard to our corporation's experience with CheckPoint products. Last year I was tasked to find a VPN/Firewall solution for our corporation. We wanted something that was reliable, scala

[FW1] FTP Long Welcome Message causes RESET

2000-07-12 Thread Marcel Knippen
Hi, FW-1 v4.1 with latest hotfixes (until June 1st) PC1 is a PPP Dial In user (MTU=576) using MS-Windows SRV is a FTP Server (Netscape on Solaris) on a 100 Mbps LAN In between PC1 and SRV there is a FW-1. Strange FTP behaviour started after upgrading from 4.0. Look at the following s

Re: [FW1] Checkpoint Licensing

2000-07-12 Thread Ronald C. Atkinson
Welcome to the club! Michael Tench wrote: Has any of you people encountered nightmares with checkpoints licensing?    Just a couple of months ago I finally had a licensing issue resolved which took well over a year. Now, when it comes to upgrading to 4.1, I am encountering the same problems all

RE: [FW1] How to setup ftp and htttp w/ FW-1 External Interface Only

2000-07-12 Thread Brendan McCauley
On NT: example: the fw-1 ext interface: 207.43.192.6 the ext interface you want to proxy:207.43.192.5 the int interface of the proxied: 10.10.0.33 MAC address of the proxied: 00-80-5e-f7-e2-a2 add route to firewall: route -p add 207

RE: [FW1] ICQ BLOCKING

2000-07-12 Thread Hines, Stephen (ISSAtlanta)
I believe that I'm safe in saying that your cleanup rule at the end of your rule base should also help to address this. Stephen -Original Message- From: Jim Shaw [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 12, 2000 4:47 PM To: 'Dwayne Mowers'; '[EMAIL PROTECTED]' Subject: RE: [FW1]

RE: [FW1] MSExchange.

2000-07-12 Thread Dean Cunningham
Hi, http://support.microsoft.com/support/kb/articles/Q155/8/31.ASP http://support.microsoft.com/support/kb/articles/Q259/2/40.ASP may help also checkout the archives at www.securepoint.com/fw1 -Original Message- From: Parkin, Miles [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 12 July 2

RE: [FW1] Checkpoint Licensing

2000-07-12 Thread Gatewood, Andy
I'm in the same boat.  I'm going on 9 months of license problems for an upgrade to a product which is under a subscription contract.  Working on 4.1 at this time.  I'll post again when I receive my license (or Raptor) - whichever comes first. -Original Message-From: Michael Ten

RE: [FW1] ICQ BLOCKING

2000-07-12 Thread Jim Shaw
If you only have rules for things that you permit then you don't have to worry about blocking every possible thing that may come up. Of course some of these newer apps use ports and protocols such as 80 that are generally used for something else you may need, in which case all bets are off. Jim

[FW1] FW-1 4.1 on Solaris2.6

2000-07-12 Thread Sergio Munoz -- Ingeniero de Sistemas (x.219)
Hi all... I need help with spam please. I've Solaris 2.6 with FW1-41 on my Sparc Ultra10, Is there any procedure to create a smtp security server ?? I have a procedure for FW1-3.x, but it doesn't work with FW1-41. I see the URL phoneboy but I can't stop the sp

[FW1] ENCRYPTION PROBLEM -

2000-07-12 Thread Axios - Electrolux
We are implementing the encryption domain in our network to permit that some partners access our servers using SecureClient, I have the following situation: I've defined an encryption domain that is a group of networks, just like this: - Intranet: 128.1.0.0 (our intranet servers) - Invalids: 192.

Re: [FW1] How to setup ftp and htttp w/ FW-1 External Interface Only

2000-07-12 Thread Imran Ali
Jeff, Why do I need to add an arp entry?? I am using the same ip address as the external interface of the firewall. I thought arp entries are required only if one is using other (valid addresses). Maybe I wasn't clear in my message earlier. Here is the situation...

Re: [FW1] Free Proxy

2000-07-12 Thread Reza Nezhad Soleyman
Hi ! It's good that I reply to mine, if not hear any answer for this question ! so another question : can user cascade proxy (bypass first) if I force that using proxy server like MSProxy ? do you have idea about good proxy server ? how can merge proxy with firewall for webcache ? Reza >

RE: [FW1] How to setup ftp and htttp w/ FW-1 External Interface Only

2000-07-12 Thread Leggett, Jeff
You need to setup your firewall to Proxy ARP for the internally NAT'ted addresses. We do this quite extensively actually. On the Nokia boxes you go into Voyager and add a proxy arp entry under the interfaces choice. In FW-1 add two objects. One is the actual internal object with a NAT define

[FW1] HTTP and CVP for Safegate !!!

2000-07-12 Thread skillteam sa
Hello, I've got the following error when I try to access a web page using Safegate in CVP and the FW1 on a nokia box with FW1 4.1 SP1 : FW-1 error : FWXXX access denied I'm quite sure it comes from my opsec configuration but I don't know how to solve that. regards, Steve. ___

[FW1] Hybrid Mode for Ace and IKE and certificate question !!!

2000-07-12 Thread skillteam sa
Hello, Do I need to use a certificate to use IKE with SecurID authentication in FW1 4.1 SP1 ? If not how can I setup that ? regards, Steve.

[FW1] High Availability VPN on Nokia Box

2000-07-12 Thread Christophe_Bianco
Hello, I wish to setup a High Availability VPN between two sites using IKE encryption. The first site A has two Nokia IP650 and the second site B has two Nokia IP330. All these 4 Nokia encryption modules are managed by the same console and run on fw4.1 SP1. Each Nokia box has several i

[FW1] Checkpoint Licensing

2000-07-12 Thread Michael Tench
Has any of you people encountered nightmares with checkpoints licensing? Just a couple of months ago I finally had a licensing issue resolved which took well over a year. Now, when it comes to upgrading to 4.1, I am encountering the same problems all over again. I realize that Checkpoint ma

[FW1] Network scan

2000-07-12 Thread c_siddika
Hi All, I am seeing strange what appears to be a port scan where the source address keeps changing from classes A, B and C and the destination is always a network like 91.58.0.0, 101.20.0.0, 206.67.0.0, etc. Most of source ports used are in the high range above 1. The Info field on the log s

[FW1] How to setup ftp and htttp w/ FW-1 External Interface Only

2000-07-12 Thread Imran Ali
Does anybody know how to redirect ftp and www to internal servers with only fw-1 external (valid ip) address. I also have internal users that need access to http,ftp, and telnet. I have done NAT with internal users going out via a NAT hiding translating rule and ftp and www are done with static

[FW1] StoneBeat

2000-07-12 Thread Luis Carlos Ainbinder Gomes
I have to define a High Availability Solution for my company. I read at checkpoint home page about this product. I'd like to know if anyone here has any experience with it. I'm not sure if the best solution is to use hardware to implement high availability or this software. Luis Carlos

FW: [FW1] ftp problem 2

2000-07-12 Thread Jonah Kowall
This all sounds like the passive mode problem. Try turning off/on the accept passive mode ftp connections. In the policy menu, select properties. Services tab. Try to toggle the Enable FTP PASV Data Connections. As I reported earlier, this seems to be in reverse mode. Right now I have mi

RE: [FW1] ftp problem 2

2000-07-12 Thread jeff . knecht
Hey guys, I have been experiencing this same problem after installing SP6. We have NT 4.0 SP4 running FW 4.0. Checkpoint recommended disabling PASV FTP Data Connections, Policy>>>Properties>>>Services>>>Enable FTP PASV Data Connections Disabling this option corrected my problem and so far has n

[FW1] SR, X11 and NAT

2000-07-12 Thread Kirk Vogelsang
Hello all. I know this has been mentioned a few times in the past, but I am still unable to make it work and was wondering if anyone had any further tips. The scenario is such: When using SR, I'm having some trouble getting X11 through a FW-1 4.0 box (solaris) from a hide NAT'd machine. The

RE: [FW1] ftp problem 2

2000-07-12 Thread Silva, Paul
I am also having problems using FTP from our Internal Network. E.G. I can FTP FTP.MICROSOFT.COM but I cannot FTP to FTP.NAI.COM error = The connection is being reset by remote host. This started happening after upgrading fw-1 4.0 service pack 4 to 6! any suggestion or comments will be appreciate

Re: [FW1] GUI problems...

2000-07-12 Thread Hoang Ha
Hi, Pls check your license. For FW-1 that is installed on Solaris you must use your hostID (not IP address) to license regards Hoang Ha Forum: RE: [FW1] GUI problems... (Prakken, David) Date:Jul 12, 11:47 From: Firebird <[EMAIL PROTECTED]> Yeah, I understood

RE: [FW1] Mails after installation

2000-07-12 Thread Scheidel, Greg
I don’t believe that FW-1 spools your e-mail except when you are using an SMTP Resource; it simply checks the SMTP packets against its rule base as it would any other packet.   Greg S.   -Original Message- From: Rohit Mungur [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 12,

RE: [FW1] ICQ

2000-07-12 Thread Scheidel, Greg
Whoops, typo on my part, that should be TCP 4000. -Original Message- From: Scheidel, Greg Sent: Wednesday, July 12, 2000 11:51 AM To: 'Dwayne Mowers'; 'fw-1-mailinglis' Subject:RE: [FW1] ICQ I recommend that you block: - any -> any -> UDP 4000 -> drop (the default s

RE: [FW1] ftp problem

2000-07-12 Thread Prakken, David
Rule 0 rejections are usually because of one of three reasons: authentication, IP Spoofing, or IP options. The usual culprit is the IP Spoofing setup on the interface properties of the firewall NICS. Double check this first. Dave -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

[FW1] ftp problem

2000-07-12 Thread Joseph_Vieira
Greetings, I have FW-1 ver 4.0 and 4.1 on NT machine. I was on Oracle's tech web site http://technet.oracle.com/ to download some software. The web site takes you to a page which has a link to their ftp site. When I click on that link I get a read error. I checked the FW logs and it showed t

Re: [FW1] LDAP user account management

2000-07-12 Thread Keith_White
You don't need the AMC but you do need the license. You can't push an LDAP enabled policy without the RAM1 feature. As far as integrating with NDS goes, you shouldn't have a problem as long as you are running version 8 of NDS. I have an LDIF file that you can use with the SCHMAP utility to au

[FW1] Mails after installation

2000-07-12 Thread Rohit Mungur
After installing Antivirus server in the DMZ, I saw all my mails going via directory /FireWall-1/spool. However, when I uninstall my antivirus server and I do not know in what directory on my firewall to look for the message queues. Can anyone help over there? Regards

[FW1] Sending email to hotmail

2000-07-12 Thread Don Goldstein
We have an Exchange server behind our FW1. We have an internet mail relay server in the DMZ. Most email messages sent to hotmail are rejected with a message like "error timeout ..." Any ideas? Thanks.

[FW1] ICQ BLOCKING

2000-07-12 Thread Dwayne Mowers
I know this has probably been a question resolved in the past...can someone tell me how to block ICQ, the port and settings for the rule base for FW1 SP1, I am new to checkpoint and would appreciate a response. Thanks! Dwayne Mowers CCSA MAS Consulting

Re: [FW1] Need IP Whois link

2000-07-12 Thread Joe Matusiewicz
At 08:44 AM 7/12/00 -0600, mtmorales wrote: >Does anybody know of an IP Whois access page? > >I used to go to a very good one: >http://mjhb.marina-del-rey.ca.us/cgi-bin/ipw.pl >but doesn't work anymore. >Any suggestions will be appreciated. This wonderful page was the best. Since its departur

[FW1] TEST- PLEASE IGNORE

2000-07-12 Thread Joseph_Vieira
test To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html =

[FW1] FW-1 and ESMTP AUTH (RFC 2554)

2000-07-12 Thread Jarmoc, Jeff
Does anyone know if FW-1's (any version) SMTP Security server supports RFC 2554? This is the SMTP AUTH command, which is used by Microsoft Exchange to authenticate clients. This allows restricting relays to authenticated users. Without such a mechanism, you must either allow everyone to relay

RE: [FW1] GUI problems...

2000-07-12 Thread Jason Maley
What is the "encul" feature? >>>-Original Message- >>>From: [EMAIL PROTECTED] >>>[mailto:[EMAIL PROTECTED]]On Behalf Of >>>Firebird >>>Sent: Wednesday, July 12, 2000 10:37 AM >>>To: Prakken, David; [EMAIL PROTECTED] >>>Subject: Re: [FW1] GUI problems... >>> >>> >>> >>>1) so, 'fw printlic

[FW1] TimeSink Adbot Help?

2000-07-12 Thread Dolinar, Jon
Can anyone shed some light on the timesink adbot? I recently found numerous ping floods uninitiated ftp etc from pc's on our network. Seems every time a PC would startup it would ICMP echo to 149.1.1.1 (149.1.1.11 is timesink.com). This was caused by an adbot program TSADBOT.exe inst

[FW1] securemote with activecard and radius

2000-07-12 Thread "Lauret, Frédéric"
hi all, I try to install the activecard / radius product with securemote (this one works with vpn&fw1 password) but I didn't find any documentation about this scenario... maybe someone already did it. my firewall is fw1 4.1 under nt. thanks, Frédéric E.mail: [EMAIL PROTECTED]

Re: [FW1] LDAP user account management

2000-07-12 Thread Paul . Simons
I am trying to get by without the AMC - integrating with NDS also. I'll keep you informed... :-) Paul C. Paul Simons Corporate Network Services IHS Energy Group, Englewood, CO. Main: +1 303 736 3000 D

[FW1] NAT

2000-07-12 Thread Riazati, Roy
I've the following NAT rule for servers being accessed through internet: src dst src dst any srvr_public_address orig srvr_privte_address srvr_private_addressany srvr_public_address o

RE: [FW1] ICQ

2000-07-12 Thread Scheidel, Greg
I recommend that you block: - any -> any -> UDP 4000 -> drop (the default service port that ICQ uses to establish a connection to their login servers) - any -> ICQ_Servers -> any -> drop (ICQ_Servers group based on resolution of icq.mirabilis.com and defined as 205.188.153.105, 205.188.153.108,

Re: [FW1] GUI problems...

2000-07-12 Thread Firebird
1) so, 'fw printlic -k' gives me this: This is VPN-1(TM) & FireWall-1® Version 4.0 (13Jul2000 15:35:46) (printing license embedded in fw-1 kernel module) Type Expiration Ver Features 195.171.37.250 Never 4.x encul ca vpndes and that's OK. 2) I'm running in 32 bit mode, so t

RE: [FW1] Local.arp file

2000-07-12 Thread Thomas . Poole
local.arp should be in the state directory, directly under fwdir; not in the conf. You must stop and restart the service to make it active. Thomas Poole -Original Message- From: Frank Darden [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 11, 2000 9:11 PM To: 'Aaron Wheeler'; Fw-1-Mailin

[FW1] SUMMARY: Client Auth and rule reload

2000-07-12 Thread Charles M. Gagnon
I just answered my own question. FW-1 clears most of the tables when a new Security Policy is reloaded to make sure all new incoming packets are filtered according to the new Security Policy and not to whatever was stored in the state tables. Makes perfect sense. Thanks again. On Wed, Jul 12,

Re: [FW1] Specifying GUI Clients with Wildcards

2000-07-12 Thread Robert MacDonald
Roy, Never thought of doing something like this. I tried x.x.x.255 and x.x.x.* - neither worked. But someone else may have a way. If you find out, please let us know. Robert - - Robert P. MacDonald, Network Engineer e-Business Infrastructure G o r d o n F o o dS e r v i c e Voice: +1.61

RE: [FW1] Need IP Whois link

2000-07-12 Thread mtmorales
Thanks everybody for your suggestions. I got what I needed and more. We can kill this thread now ;-) -mtm -Original Message- From: Jason Maley [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 12, 2000 9:27 AM To: mtmorales; [EMAIL PROTECTED] Subject: RE: [FW1] Need IP Whois link http:

Re: [FW1] Firewall module and Management station on different machine

2000-07-12 Thread Robert MacDonald
Chee Ming (aka Jimmy), The $FWDIR/conf/clients is on the fw mgr and the $FWDIR/conf/masters is on the fw modules. HTH Robert - - Robert P. MacDonald, Network Engineer e-Business Infrastructure G o r d o n F o o dS e r v i c e Voice: +1.616.261.7987 email: [EMAIL PROTECTED] >>> "leong C

RE: [FW1] Need IP Whois link

2000-07-12 Thread Jason Maley
http://www.arin.net >>>-Original Message- >>>From: [EMAIL PROTECTED] >>>[mailto:[EMAIL PROTECTED]]On Behalf Of >>>mtmorales >>>Sent: Wednesday, July 12, 2000 9:45 AM >>>To: [EMAIL PROTECTED] >>>Subject: [FW1] Need IP Whois link >>> >>> >>> >>> >>>Does anybody know of an IP Whois access

RE: [FW1] ICQ

2000-07-12 Thread THELLIER, Francis (Kedros)
Hello I think you can block ports 6667 to 6669 But why don't you use the policy : "All is blocked by default, and I open all that I really need" ? > Francis THELLIER > > -Original Message- > From: Dwayne Mowers [SMTP:[EMAIL PROTECTED]] > Date: Wednesday, 12 July 2000 16:24 > To:'f

[FW1] getting dh key from a management station

2000-07-12 Thread Jesus Calvo Hernandez
hi I'm having a problem trying to fetch the dh key on an SKIP vpn; I've got a manager station and a firewall module on one site and the remote site is only one machine for both things; either when I try to fetch the dh key or when the remote manager tries the same thing, there is a message saying:

RE: [FW1] Hardening Linux

2000-07-12 Thread Jason Maley
http://www.enteract.com/~lspitz/linux.html >>>-Original Message- >>>From: [EMAIL PROTECTED] >>>[mailto:[EMAIL PROTECTED]]On Behalf Of Mike >>>Pagan >>>Sent: Wednesday, July 12, 2000 9:35 AM >>>To: '[EMAIL PROTECTED]' >>>Subject: [FW1] Hardening Linux >>> >>> >>> >>>Does anyone know wher

[FW1] Need IP Whois link

2000-07-12 Thread mtmorales
Does anybody know of an IP Whois access page? I used to go to a very good one: http://mjhb.marina-del-rey.ca.us/cgi-bin/ipw.pl but doesn't work anymore. Any suggestions will be appreciated. TIA. -mtm

[FW1] Hardening Linux

2000-07-12 Thread Mike Pagan
Does anyone know where I can get a FAQ on hardening Red Hat 6.x for a FW-1 install? Mike Pagán, MCSE Network Center Inc www.netcenter.net Power corrupts. Absolute power is kind of neat. - John Lehman (Secretary of the US Navy 1981-1987) ==

[FW1] Client Auth and rule reload

2000-07-12 Thread Charles M. Gagnon
Hi everyone, Could someone explain to me why the Clients that were authenticated seem to lose their auth status when the FW rules are reloaded. Is there a way around this? Thanks. -- Charles Gagnon | My views are my views and they http://unixrealm.com | do not

[FW1] ICQ

2000-07-12 Thread Dwayne Mowers
I know this has probably been a question resolved in the past...can someone tell me how to block ICQ, the port and settings for the rule base for FW1 SP1, I am new to checkpoint and would appreciate a response. Thanks! Dwayne Mowers CCSA MAS Consulting

[FW1] FW1 / Solaris w/ 802.1Q (VLAN) Support?

2000-07-12 Thread stcost - Steve Costaras
We have a situation where we need to protect several segments/VLANs (100+) that we will be putting off a Cisco 6500 series switch. Each VLAN needs to be protected from the others. I _WANT_ to plug a solaris box into the 6500 w/ gigabit and have it act as a router however I can find NO answer

RE: [FW1] GUI problems...

2000-07-12 Thread Prakken, David
Hmmm ... A couple things to check: 1) Do a fw printlic -k to make sure the license is installed in the kernel. If not, the solution is to do a fw putlic -k ... to force it into the kernel. 2) Are you running in 64bit mode? If so, bring the system to the eeprom level and do a 'boot /kernel/un

Re: [FW1] A license question

2000-07-12 Thread Jesus Calvo Hernandez
Hi It's the total number of ip addresses (except the ones on the external interface) that the firewall "sees", which is the number of nodes protected by it, what it computes as hosts to be under license, not only the ones actually going through it. Obviously with netbeui on the internal pcs, the

Re: [FW1] GUI problems...

2000-07-12 Thread Firebird
Yeah, I understood that they won't ask to put the localhost in the gui-clients file. :o) I didn't even try to use fwui or any local GUI, I just try to use the GUI I just installed on my NT box. So I receive the message on the SUN station, and on the NT station, to tell me the reason why it does

[FW1] A HTTP Secure server

2000-07-12 Thread Tuka, Petr
Hi, I have FW-1 4.0 SP5 on NT. Is it possible to use/setup HTTP Secure server for securing internal Web server? If YES how can I do it. Regards

RE: [FW1] Does anyone know how to block Napster?

2000-07-12 Thread Scheidel, Greg
All other considerations aside, blocking access to the AOL Class B on all ports except 25 & 80 won't work because the clients can use any available port, including 25 & 80, to pass their traffic. Greg S. -Original Message- From: amanda [mailto:[EMAIL PROTECTED]] Sent: Wednesday, Ju

RE: [FW1] LDAP user account management

2000-07-12 Thread Eames, Joel E.
Yes. If you have a distributed firewall, be sure and purchase the RAM1 license instead of the AM1 license. This installs on the Mgt. Module. Good luck, === Joel Eames - Data Security Analyst Information Services Texas Children's Hospital (713)770-4441 [EMAIL PROT

RE: [FW1] A license question

2000-07-12 Thread Mike Glassman - Admin
Vu, Since the FW counts all IP addresses it sees, it's quite possible that it will discover much more than 25. In the case of having your network routers do a static route for all non-internal IP's to the FW for eg, you'll end up having your FW discover all the IP's. We had the same issue and

RE: [FW1] Local.arp file

2000-07-12 Thread Rob Cryan
The following was taken directly from CheckPoint's knowledge base. A note on: #1: The FWSTOP and FWSTART need only be done once the local.arp file, and route has been added. #2: The local.arp must reside in the FWDIR\state directory. That is where CP looks to setup the arp entry in NT as NT ha

[FW1] Log source entry

2000-07-12 Thread Roberto Bazzano
Hi. I'm new to FW-1, so sorry if this is too simple... In my FW-1 4.1 SP1 log viewer, there are entries with source address like "MATRICOLE2" or "CENTRALE" or "OEMCOMPUTER" or "E0230605" and so on. Where does FW-1 take these names? Other source entries are ip addresses, or fully qualified domain

RE: [FW1] Does anyone know how to block Napster?

2000-07-12 Thread amanda
What are the AOL services that you are trying to block? If you just want to block all access to login.oscar.aol.com then a simple IP filter will do. Try something like this: Deny 205.188/16 except ports 25 and 80 What you want to do is impossible with an off-the-shelf name server, but since y

Re: [FW1] Realsecure putkey -opsec with FW-1

2000-07-12 Thread Robert MacDonald
Dave, Yes the traffic is encrypted. Did you remember to install your keys? Did you get it working from internal first, then move it to the outside? What does the log file say? Have you sniffed the two ends to see what's going on? Robert - - Robert P. MacDonald, Network Engineer e-Business Infr

[FW1] A license question

2000-07-12 Thread Vu . Nguyen
Hi, I have FW-1 version 4.1 on Solaris 2.7 with 25 licenses. How does FW-1 v.4.1 count the licenses on the internal LAN, are there only IP-address that passing through FW-1 on internal interface that will be counted? Regards

RE: [FW1] GUI problems...

2000-07-12 Thread Prakken, David
The GUI client setting is only for management by remote workstations. You still need the "motif" license on the Sun box to get the local GUI interface. The license message is just a cosmetic problem with Sun. You can verify the installation with a fw stat. Dave -Original Message- From

RE: [FW1] primary IP-address

2000-07-12 Thread Uy, Alex
Yeah that's true. I have a management server and two Firewall-1 servers running the firewall-1 and VPN module. I statically NATed a public address to my management server since it's the CA. I'm still having weird problems. Using FWZ as the encryption scheme, I can generate the key manager and

[FW1] KeyInstall

2000-07-12 Thread Emmanuel LUCAS
Hi, I am trying to setup VPN with SecuRemote. I have a line on my FW logfile that talks about "KeyInstall" with the rule number 0 for a server on my encrypted domain that I try to access from my securemote Client. What does it mean ? Cordially Emmanuel Lucas.

Re: [FW1] Local.arp file

2000-07-12 Thread Hoang Ha
Hi, the location of local.arp file must be on $FWDIR\state directory the syntax of local.arp is 111.222.333.444 AA-BB-CC-DD-EE-FF if you are running NT platform 111.222.333.444 AA:BB:CC:DD:EE:FF if you are running Unix platform Regards Hoang Ha -Original Message- F

RE: [FW1] Does anyone know how to block Napster?

2000-07-12 Thread Scheidel, Greg
This is workable for napster.com (which does not provide any other services this site requires access to), but for AOL, Yahoo, etc creating a new zone is unmanageable. I still need AOL's (as an example) web servers and e-mail servers to resolve properly. If I create a new zone, this means that

[FW1] LDAP user account management

2000-07-12 Thread declan mckibben
Hi Is it necessary to purchase a licence to use the user account management feature (ldap) of fw-1? I have an unlimited VPN1 licence and want to link with an LDAP port of an NDS user directory. Regards -- Declan McKibben Project Manager IT Development RTE Donnybrook Dublin 4 Ireland t +353-1

[FW1] problem in instaling rulebase

2000-07-12 Thread sepideh miralaei
Hello, I have FW1 on NT system. When I try to install a rulebase on it, it doesn't work and gives the following message: "Unable to open '\Device\FW1':The system can not find the file specified. Failed to get interface list: The system can not find the file specified. Has only loopback (lo) i

Re: [FW1] SecuRemote question

2000-07-12 Thread Emmanuel LUCAS
Hi, What do you mean by "no filtering is occurring" ? I allow "any" services on my FireWall for SecuRemote clients. How can I check if my ISP is doing address translation ? I have modified my objects.C file on my firewall. Is that all ? Cordially Emmanuel Lucas. - Original Message - Fr

[FW1] MSExchange.

2000-07-12 Thread Parkin, Miles
Hi, I am trying to get the "notification" part of MSExchange to go through the firewall. This part of the MSExchange server client communication works if I only have DCERPC configured, but when I add MSExchange, it breaks. The reason that the MSExchange part of this is required is because if onl
