Re: [FW-1] Restricted administrator account
Meißner wrote:

Hello, is it possible to create an administrative account in Smart Dashboard who is only able to edit some particular rules from the whole ruleset and install it afterwards? For example he should be able to enable/disable some rules or change some time columns. Since I think that's impossible has somebody an idea for a workaround to solve this? BTW: R65 or R70

Hi Carsten,

It's not possible. Once you have access to a ruleset, you can see or change everything in this ruleset. Workaround doesn't exist as far as I know, it's all or nothing. Even with a provider one you cannot do this (unless you have several gateways).

Thanks, Carsten

Scanned by Check Point Total Security Gateway.
To set vacation, Out-Of-Office, or away messages, send an email to lists...@amadeus.us.checkpoint.com; in the BODY of the email add: set fw-1-mailinglist nomail
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
If you have any questions on how to change your subscription options, email fw-1-ow...@ts.checkpoint.com
Re: [FW-1] Netscreen firewall policy to Checkpoint Fw-1
Hi

Has anyone converted a Netscreen firewall policy to Checkpoint R65/R70, can this be done? I have taken a look at fw1 rules and confwiz but they do not do this, object dumper not so sure does this, has anyone managed to convert a NS policy to Checkpoint and if so what tool was used?

Many Thanks

Hi,

As far as I know, there is no automatic conversion tool. You can use some tools like odumper to get at least the objects, then add those to the screenos with regular set commands. Then it depends how complex is your ruleset on the netscreen device (forget about nat per policy or vpn per policy on checkpoint). It's perhaps a good point to check what is still in use in your rulebase, and reorder a little bit. Don't create sections with the zones from the netscreen, it won't make sense.

Last question: why do you plan to migrate to a checkpoint from a netscreen?
Re: [FW-1] meshed VPN traffic between UTM edges
Yes it works, but you don't want it to handle too many VPN tunnels. You need to check the recommended amount of tunnels for your edge box, I don't remember what it is.

-Original Message-
From: Mailing list for discussion of Firewall-1 [mailto:fw-1-mailingl...@amadeus.us.checkpoint.com] On Behalf Of pkc_mls
Sent: Monday, March 01, 2010 3:45 AM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] meshed VPN traffic between UTM edges

Rob Epping wrote:

Hi list,

Isn't there anyone who knows whether mesh-VPN is supposed to work between UTM-1 Edge devices?

Hi,

From an IPSEC point of view, it's supposed to work. If you do your config manually on the edge devices, it should be ok. But I'm not sure this kind of scenario is supported by the smartcenter. You should definitely ask checkpoint support for a confirmation.

THNX
GRTMX
RobJE
[FW-1] Georg Schwab is out of the office.
I will be out of the office from 01.03.2010. I will return on 03.03.2010. In urgent cases, please contact Mr. Andreas Brandauer (andreas.branda...@rvs.at) or Mr. Christian Moser (christian.mo...@rvs.at). I will reply to your message after my return.

This message and any attached files are only for information purposes. E-Mail is not used for the exchange of legally binding statements.
Re: [FW-1] Netscreen firewall policy to Checkpoint Fw-1
I have done this type of conversion, but there is no nice automatic way to do it. There are conceptually a few differences, especially in how vpns are handled. Although you can set checkpoint up as a zone-type firewall, IMHO it would be better to revisit the configuration and provide a functionality match to the firewalls rather than just duplicating the rules. By this I mean converting to checkpoint service names rather than ports, taking advantage of rule and object grouping, etc.

Ted Serreyn

--
Ted Serreyn
Phone:262-432-0260 Fax:262-432-0232
Serreyn Network Services, LLC
http://www.serreyn.com/

-Original Message-
From: Mailing list for discussion of Firewall-1 [mailto:fw-1-mailingl...@amadeus.us.checkpoint.com] On Behalf Of pkc_mls
Sent: Monday, March 01, 2010 3:40 AM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Netscreen firewall policy to Checkpoint Fw-1

Hi

Has anyone converted a Netscreen firewall policy to Checkpoint R65/R70, can this be done? I have taken a look at fw1 rules and confwiz but they do not do this, object dumper not so sure does this, has anyone managed to convert a NS policy to Checkpoint and if so what tool was used?

Many Thanks

Hi,

As far as I know, there is no automatic conversion tool. You can use some tools like odumper to get at least the objects, then add those to the screenos with regular set commands. Then it depends how complex is your ruleset on the netscreen device (forget about nat per policy or vpn per policy on checkpoint). It's perhaps a good point to check what is still in use in your rulebase, and reorder a little bit. Don't create sections with the zones from the netscreen, it won't make sense.

Last question: why do you plan to migrate to a checkpoint from a netscreen?
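An added example (not from the thread or any of its posters): a small Python pass over a ScreenOS configuration that inventories address objects and flags those no policy references, the "check what is still in use" step suggested above before recreating objects by hand. The sample configuration is constructed, and only the common `set address`, `set group address` and `set policy` forms are handled (nested groups are not expanded).

```python
import re
import shlex
from ipaddress import ip_network

# Constructed ScreenOS excerpt (sample data, not taken from the thread).
SAMPLE = '''\
set address "Trust" "web1" 10.1.1.10 255.255.255.255 "intranet web"
set address "Trust" "lan" 10.1.1.0 255.255.255.0
set address "Untrust" "old-partner" 192.0.2.0 255.255.255.0
set address "Untrust" "updates" updates.example.com
set group address "Trust" "servers" add "web1"
set policy id 1 from "Trust" to "Untrust" "lan" "Any" "HTTP" permit log
set policy id 2 from "Untrust" to "Trust" "Any" "servers" "HTTPS" permit
set policy id 3 from "Trust" to "Untrust" "lan" "updates" "HTTP" permit
set policy id 3
set dst-address "web1"
exit
'''

def inventory(config):
    """Return (objects, unused): address objects, and names no policy uses."""
    objects, groups, used = {}, {}, set()
    for line in config.splitlines():
        tok = shlex.split(line)          # honours the quoted object names
        if tok[:2] == ["set", "address"] and len(tok) >= 5:
            zone, name = tok[2], tok[3]
            if len(tok) >= 6 and re.fullmatch(r"[\d.]+", tok[4]):
                net = ip_network(f"{tok[4]}/{tok[5]}", strict=False)
                kind = "host" if net.prefixlen == 32 else "network"
                objects[name] = (zone, kind, str(net))
            else:                        # domain-name address entry
                objects[name] = (zone, "fqdn", tok[4])
        elif tok[:3] == ["set", "group", "address"] and "add" in tok:
            groups.setdefault(tok[4], set()).add(tok[tok.index("add") + 1])
        elif tok[:3] == ["set", "policy", "id"] and "from" in tok:
            i = tok.index("to")
            used.update(tok[i + 2:i + 4])   # source and destination names
        elif len(tok) == 3 and tok[1] in ("src-address", "dst-address"):
            used.add(tok[2])             # extra entries inside a policy block
    for g in list(used):                 # members of a referenced group count
        used |= groups.get(g, set())
    return objects, sorted(set(objects) - used)

if __name__ == "__main__":
    objs, unused = inventory(SAMPLE)
    for name, (zone, kind, value) in sorted(objs.items()):
        print(f"{name:12} {zone:8} {kind:8} {value}")
    print("not referenced by any policy:", unused)
```

Objects reported as unreferenced are candidates to leave behind rather than recreate on the new management server.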
Re: [FW-1] IPSO VRRP CMD LINE
iclid
sh vrrp

-Original Message-
From: Mailing list for discussion of Firewall-1 [mailto:fw-1-mailingl...@amadeus.us.checkpoint.com] On Behalf Of David DeSimone
Sent: Saturday, February 27, 2010 7:46 AM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] IPSO VRRP CMD LINE

Luke Gogolkiewicz syn...@gmail.com wrote:

How can you check to see what Nokia firewall is the master by command line

cphaprob stat

This is incorrect. When running with Nokia VRRP, cphaprob will always tell you that both cluster members are active/active, so you cannot tell which one is master by looking at this output. As others have stated, look at the VRRP status to see which one is current master.

--
David DeSimone == Network Admin == f...@verio.net
I don't like spinach, and I'm glad I don't, because if I liked it I'd eat it, and I just hate it. -- Clarence Darrow