Dear all UTM-1 guru,
I am currently running a 2 members UTM-1 3070 cluster (R70.5). We are
planning to change the management IP address. The current IPs are as
following.
The current objects in SmartDashBoard are:
utm-1-cluster (172.16.0.1) on Internal interface
utm-1-fw1 (172.16.0.11) on
, and you're trying to prune that access with a few
specific drop rules.)
Does that make sense, or did I explain the concept badly?
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM] On Behalf Of Clive Luk
Sent: Tuesday, January
fundamental differences in
architecture between Juniper (and Cisco, for that matter) and Check Point.
Juniper and Cisco use interface-centric ACLs, whereas Check Point is an
object-oriented firewall.
On Tue, Jan 29, 2013 at 1:09 AM, Clive Luk cl...@sl.nsw.gov.au wrote:
Hi all,
I am just wondering
Hi all,
I am just wondering if I can define a policy restricted by zone. As I
can see on the CP tracker there is inzone, outzone.
I have UTM-1 with multiple interfaces.
1 x Internet
1 x DMZ
1 x Staff internal
1 x Wireless
1 x Public internal
I am wondering if I can have a policy define to
even the logs get rotated. it
is actually failing my nightly scheduled backup job of the UTM-1
configuration. due to the space issue.
Thanks in advance!
Cheers!
On 30/11/11 22:44, Hugo van der Kooij wrote:
On 30.11.2011 00:52, Clive Luk wrote:
Dear list,
I just
want some advice on UTM-1
configuration. due to the space issue.
Thanks in advance!
Cheers!
On 30/11/11 22:44, Hugo van der Kooij wrote:
On 30.11.2011 00:52, Clive Luk wrote:
Dear list,
I just
want some advice on UTM-1 upgrade. I am currently running 2 UTM-1
R70.40. I am thinking of upgrading. Should I stick with R70
Dear list,
I just want some advice on UTM-1 upgrade. I am currently running 2 UTM-1
R70.40. I am thinking of upgrading. Should I stick with R70? or should I
go to R75?
The reason I am upgrading is I found the appliances has been acting
weird when I installing the policy.
Check Point
Dear List,
I am wondering if checkpoint can handle bandwidth throttling. I am currently
running R60.
Thanks in advance!
Cheers!
Scanned by Check Point VPN-1 UTM NGX R65 with Messaging Security
=
To set vacation, Out-Of-Office, or away
-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Bandwidth throttle
Clive Luk wrote:
Dear List,
I am wondering if checkpoint can handle bandwidth throttling. I am
currently
running R60.
Yes, it's called Flood Gate in checkpoint and as of NGX is free of charge.
Scanned by Check Point VPN
Hi all,
I just got one question.
Is that a best practice to leave/allow the implied rule for DNS traffic
going from any to any? Is that vulnerable?
Should I just setup my own policy to allow DNS traffic accordingly? If I am
going to setup my own policy would that affect the performance on the
Dear list,
I have one issue with my VPN.
When I am at home connected back to my work via secureRemote. I can access
all resource on 172.16.* (as this is the physical interface on FW). However,
I can't access any other resources which on not on the physical interface.
For example, we have a
Hi all,
I hope someone can help me out here.
I have try everything I could.
I have newly setup a cluster NGX R60 firewall with RSA authentication
manager with SecurID working. They all running on Solaris 9.
I have also tested the connection from my home to the cluster FW. I have
connected
.
Regards
On 12/26/06, Clive Luk [EMAIL PROTECTED] wrote:
Hi all,
I hope someone can help me out here.
I have try everything I could.
I have newly setup a cluster NGX R60 firewall with RSA authentication
manager with SecurID working. They all running on Solaris 9.
I have also tested
Thanks Guys!
I will give it a go.
Cheers,
Clive
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Sergio
Alvarez
Sent: Wednesday, 27 September 2006 12:05 AM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Need
Hi Guru,
I want to ask if there is a easy method to do a management server upgrade?
Actually I want to move all configuration and license from a piece of old
hardware to a new hardware.
Anything I need to pay attention?
Thanks in advance!
Cheers,
Clive
Hi list,
I have setup a CP R60 high availability new mode using clusterxl. I am just
wondering if it is normal that there lots of broadcast traffic generating on
all interfaces?
Cheers,
Clive
=
To set vacation, Out-Of-Office, or away messages,
are necessary for cluster-status health checks,
when a Check Point ClusterXL clustering solution is implemented.
-GS
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Clive
Luk
Sent: Tuesday, August 15, 2006 8:11 PM
To: FW-1-MAILINGLIST
Dear list,
I want to get some suggestions from you guys on what hardware firewall to
get.
My requirement is to be able to handle gigabit traffic. As 2 of my internal
interfaces will need to pass through a lot of traffic. To the internet it's
ok to have 10/100. I have not much experience on H/W
Dear list,
I have just setup a cluster HA gateway in my test area. I have one
question(I am not sure if this is normal). In my cluster gateway, I have 2
cluster members. For example cluster1 is active and cluster2 is standby.
Cluster2 can ping the Virtual IP. But cluster1 can't. is that normal?
with BGE interface,
but NGX R60 is suppose to have resolved those issue. I have installed
NGX R60 with HFA3 on V240 server and it works fine.
Try adding the line bge accept in the file /etc/fw.boot/ifdev if it is
not already there.
Ramki
CCNA, CCSE-NGAI
Clive Luk wrote:
Dear List,
I am
Dear List,
I am trying to do a new installation on my newly bought two SUN FIRE V240.
Actually I want to setup as a cluster. However, When I installed NGX60 to a
freshly built box, it seems that CP doesn't recognise the bge card.
Does anyone has the same problem? Is there anyway I can solve it.
Hi Szurok,
I am not sure if that is the right solution. Correct me if I am wrong. I
think you can reset the Activation Key by using cpconfig and choose
Secure Internal Communication
To reset the activation key.
Cheers,
Clive
-Original Message-
From: Mailing list for discussion of
to use the Virtual Tunnel
Interface, a new option in R60.
Regards,
Reinoud.
-Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM wrote: -
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
From: Clive Luk [EMAIL PROTECTED
. If this machine
fails, control is passed to the next highest priority machine. If that
machine fails, control is passed to the next machine, and so on.
regards
Zubair
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] Behalf Of Clive
Luk
Sent: Friday, May
Dear CP gurus,
I have just one question regarding the clustering on NGX60.
High Availability
Will have 2 or more members. When the primary cluster down the secondary
will pickup. Without load sharing in between,
Load Sharing
Will have 2 or more members. Loan will share among members. For
Dear CP gurus,
I am trying to do a fresh installation on a solaris 9.
Here is my question and step.
I want to install a FW gateway and smartcenter on 2 different box.
I am wondering what to choose on FW gateway and what to choose on a
smartcenter. Here are the options.
1.[ ] VPN-1 Pro.
2.[ ]
.
4. Follow the cluster configuration guidelines to configure the smart
dashboard objects for the cluster. Install policy on the cluster. You
will need a common IP, sync network etc.
Regards,
Clive Luk wrote:
Dear FW-1 list members,
Hope someone can help me here. Let me explain my
-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] export configuration
If you want to migrate to R60, use the upgrade_export for R60.
The error message indicates /conf/rulebases_5_0.fws does not exists.
Did you check if the file exists under $FWDIR/conf.
Ramki
CCNA, CCSE-NGAI
Clive Luk wrote
Hi all,
One more silly question.
http://www.checkpoint.com/downloads/latest/hfa/vpn1pro_express.html#r60
is this the latest hotfix for NGX60?
Thanks!
Cheers,
Clive
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL
Dear FW-1 list members,
Hope someone can help me here. Let me explain my situation.
I am currently running single NGX55 on Solaris 8 and SmartCenter on a
different box (Solaris 9).
I have been assigned to a project to setup a cluster(load balance/fail-over)
firewall. I have just setup a test
Subject: Re: [FW-1] hotfix question
Yes. HFA-03 is the latest hotfix for R60.
Regards,
Ramki
Clive Luk wrote:
Hi all,
One more silly question.
http://www.checkpoint.com/downloads/latest/hfa/vpn1pro_express.html#r60
is this the latest hotfix for NGX60?
Thanks!
Cheers,
Clive
a common IP, sync network etc.
Regards,
Clive Luk wrote:
Dear FW-1 list members,
Hope someone can help me here. Let me explain my situation.
I am currently running single NGX55 on Solaris 8 and SmartCenter on a
different box (Solaris 9).
I have been assigned to a project to setup a cluster
Hi all,
Has fw-1-mailinglist got archive anywhere? Thanks in advance!
Cheers,
Clive
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
it does after an install.
Did you try the export after? It may work now (depending on if your
licensed, I think).
Christian Chiaverini
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Clive Luk
Sent: Wednesday, February 01, 2006 8
,
it will not work. Remember the 2006-01-30_235900.log also has pointer
files
associate with it. The output file can be anywhere but the input file
(-i) has to be
in the $FWDIR/log directory.
cisco4ng
Clive Luk [EMAIL PROTECTED] wrote:
Hi cisco4ng,
Thanks for the quick reply. I am
:[EMAIL PROTECTED] On Behalf Of Clive Luk
Sent: Wednesday, February 01, 2006 5:46 PM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] export log question
Thanks cisco4ng Christian!
I have tried to export the log in the default log directory. But still no
luck.
However, I have
Hi all,
I hope someone can help me here.
I want to export a raw log to an ASCII file.
I have used this command:
fw logexport -n -m raw -i fw.log -o out.txt
However, I got the following error message.
ld.so.1: fw: fatal: relocation error: file fw: symbol __user_mode_inet6__:
referenced symbol
Hi all,
I am new to CP. I would like a help of setting up a VPN tunnel from our LAN
to another external company' LAN.
I have found some doco on the net. However, on my SmartDashboard. I couldn't
find a 'VPN' column. I am using SmartDashboard NG with Application
Intelligence (R55) Build 127.
It
Hi Lars,
Thanks for your quick reply. I have checked. I have got the VPN checked. I
am sure we have got the license. Is there any quick way to check to confirm
that we have the VPN license?
Thank you!
Kind Regards,
Clive
-Original Message-
From: Mailing list for discussion of
Hi,
One more thing is I don't even have the VPN Manager Tab. Is that something
simple?
Cheers,
Clive
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Lars Troen
Sent: Thursday, 15 December 2005 12:02 PM
To:
Thanks RK!
I can see it now!
Cheers,
Clive
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of
Ramakrishnan Pillai
Sent: Thursday, 15 December 2005 1:34 PM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] VPN
)
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Clive
Luk
Sent: Thursday, 15 December 2005 11:51 AM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] VPN quesiton
Hi all,
I am new to CP. I would like a help of setting up a VPN
Hi all,
Is Checkpoint possible to setup a rule to allow an email send to a few
email address?
E.g.
Source from Any
Destination to smpt.mailserver.com
Email send to [EMAIL PROTECTED] or [EMAIL PROTECTED] are accepted
but not others?
Cheers,
Clive
services are up and running.
For more information use the SmartView Status application.
Can someone please help. I can install and verify the policy. But just
can save it.
Thanks,
Clive Luk
=
To set vacation, Out-Of-Office, or away messages,
send an email
44 matches
Mail list logo
