Hi,
I have a problem when running fw log on a solaris management station.
when the log file is bigger than 5 Mbs, the process cores (SIGSEGV or
SIGBUS).
adding the -p -n options doesn't solve the problem.
could anyone tell me if there is a workaround to avoid this ?
I suspect a memory issue
cisco4ng a écrit :
Hi,
Once I define a checkpoint gateway object and gateway cluster object and put the
gateway object into the gateway cluster object, under the topology, how can I
tell
the Internal interface that there is an network of 192.168.1.0/24 behind
this interface
as
cisco4ng a écrit :
The thing is that the topology is already set to internal without me doing anything
about it. It would not even let me edit the topology.
did you get the topology from the gateway or define it manually ?
cisco4ng
Hi,
I have a fw monitor capture from a secureplatform, but as I try to open
the file with ethereal, I have the following message :
*The capture file appears to be damaged or corrupt.
(snoop: File has 15872-byte record with packet size of 15872)*
the secureplatform version is NGX. the file is
list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of pkc_mls
Sent: Wednesday, September 13, 2006 8:28 AM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] cannot read fw monitor capture with ethereal
Hi,
I have a fw monitor capture from a secureplatform, but as I try
Sergio Alvarez a écrit :
Well, it could be in fact bad or corrupted, errors occur.
Why don't you just try to get the capture again?
tried soon, looks like the customer's fw monitor isn't ethereal
compliant :)
On 9/13/06, pkc_mls [EMAIL PROTECTED] wrote:
Christian Chiaverini a écrit
Lars Troen a écrit :
tried soon, looks like the customer's fw monitor isn't
ethereal compliant :)
Here's a howto on fw monitor and cpethereal:
http://www.checkpoint.com/techsupport/downloads/html/ethereal/fw_monito
r_rev1_01.pdf
Lars
I tried this also ..
Scott Tobias a écrit :
I have seen this before when the file is uploaded ascii. Have then try it
again in binary.
That's what I asked. the client told me it was transfered in binary.
Joe Demarest a écrit :
Folks, I have gotten to the bottom of my CP - HA flipping back and
forth problems with Solaris. I put a much larger box in place of one
of the firewalls and the problem has been better for some time now.
This leads me to believe that I need to upgrade my hardware,
Kim Longenbaugh a écrit :
Does the upgrade export/upgrade import take care of the routing and
networking too?
check the generated archive for any network definition file ...
the answer is no.
you have to save your routing and interface definitions and restore it
to the
new machine before
Joe Demarest a écrit :
OK, so this one gets me fired up, my FW is set up so that I am only
inspecting incoming packets. So, why do I need to sometimes put
outgoing rules in? I had one today where after fighting that the FW
doesn't block outgoing packets I finally put a rule in for 446 so MS
Hi,
I'd like to know if there is a way to set a vpn-1 edge to use
automatically one or another IP address
of a checkpoint VPN gateway configured with ISP redundancy.
It looks like the securemote mode doesn't allow this, but has anyone
ever tried to set such a configuration ?
thanks
Hello,
from a fresh install using ngx61, I have the following message when I
try to set my splat gateway as vpn gateway :
Information: Validation log: Certificate ICA_CERT cannot
be validated.
Reason: CRL is not yet valid. Make
sure that the
feedback asap ...
Claudia Cordova
Soporte Tecnico
SEFISA-El Salvador
[EMAIL PROTECTED]
Tel:(503)22890097
Cel:(503)78512041
-Mensaje original-
De: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] En nombre de pkc_mls
Enviado el: Viernes, 06 de Octubre de 2006 05:01 a.m.
Para
Hi,
I'd like to install a splat on a dell 2950, but my media kit doesn't
include the driver for the perc 5,
and my server doesn't have any internal floppy disk.
checkpoint site says I have to (buy and) use the latest media kit, but I
think it's quite expensive to pay
an extra media kit for a
pkc_mls a écrit :
Claudia Cordova a écrit :
Maybe, you create the certificate before SIC.
Try to remove the certificate and renewed. Of course, you should to
establish SIC before that.
nice try, but there is no SIC with a vpn1 edge.
I'll try to set an external CA, and see if it works
Nick Whitworth a écrit :
Does anyone know of any tool for checking the integrity of databases on
an NGX (R60) management station?
you mean, something like
cpstop
fwm vdb
cpstart
?
I tried only on the management server.
I don't know if it works on a firewall module, but cpstop isn't
Hi,
I try to setup a config between a splat and a vpn1 edge.
when I try to connect using ftp, the banner comes immediately.
When I try with ssh, I have to wait almost 2 minutes before it asks me
for the login.
the tracker shows some out of state connections, but even if I choose
not to drop
David Palmer a écrit :
I have seen similar issue. It was corected by adding a static host entry
could you please give further details ? (I tried to add host entry for
the client on the server, and for the server on
the client, but that didn't work).
thanks
-Original Message-
Miguel Angel Gutierrez a écrit :
hello people...
does anybody know of a document or link with a table or some sort of
device that could help me read the features that a license file has?
example: CPMP-VFF-U-NG CPVP-VSR-1000-NG CPVP-VPS-1-NG
Hello,
you can pick some infos from this page :
, could he detail the installation ?
(ssh client, ssh server, gateways, vpn settings).
thanks
On 10/17/06, pkc_mls [EMAIL PROTECTED] wrote:
Hi,
I try to setup a config between a splat and a vpn1 edge.
when I try to connect using ftp, the banner comes immediately.
When I try with ssh, I have
Hi,
I'm desperately looking for the gui for the dbedit command ?
could anyone give me the link at the checkpoint site to download this
tool ?
or is it faster to edit manually the objects file(s) ?
thanks
the guidbedit binary for r60/r61 on windows ?
thanks
Nicolas Figaro
-Original Message-
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On
Behalf Of pkc_mls
Sent: Monday, October 23, 2006 09:21
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] gui dbedit
Hi
pkc_mls a écrit :
Brockhoven, Werner a écrit :
Hi,
You will find a copy of GuiDBedit.exe under your SmartConsole
installation directory.
E.g. C:\Program Files\CheckPoint\SmartConsole\R60\PROGRAM
I can't find the binary.
the guidbedit directory is created, but is empty :(.
could
Miguel Angel Gutierrez a écrit :
hello list,
we were evaluating a dell 1950 in order to set up SPLAT in it, and
already took a look at the hardware compatibility page:
http://www.checkpoint.com/products/supported_platforms/recommended/ngx/v
er_r60/017.html
but I didn't catch the hard drive specs
cisco4ng a écrit :
scenario:
hostA---FWA---Internet---FWB---hostB
FWA is a Cisco Pix version 7.2(1)
FWB is running NGx R61 with HFA_01 running on IPSO 4.1 build 19
hostA is a windows XP Pro. with Service Pack 2 and latest patches
hostB is Windows 2003 Service Pack 1 with
http://support.microsoft.com/kb/899148/fr
remove the /fr for the same infos not in french.
(quite hard on monday morning ... )
I never tried this, but I hope this'll work for you.
cisco4ng
? thanks.
if you have an access to the secureknoledge, you can search for dcerpc.def.
otherwise, try the same search in the mailing list archive
(msgs.securepoint.com allows you to search
through the archives).
cisco4ng
pkc_mls [EMAIL PROTECTED] wrote: http://support.microsoft.com/kb
hello,
I tried to configure a cluster interface on a virtual interface of a
secureplatform cluster.
the eth0:0 interfaces are configured on my cluster nodes.
the topology is manually defined.
but when the cluster works in load sharing mode, there is no response to
the arp request to the
Hi,
I'd like to use a virtual interface (eth0:0) on a secureplatform cluster
running ngx r61.
I can declare the interface on the topology, but as I try to ping the
cluster IP, I have no arp response.
each member's virtual interface can be pinged from a client workstation.
it works fine if
Hi all,
Just curious regarding the number of sk entries about smartdefense, has
anyone ever complained
to checkpoint about normal traffic blocked by smartdefense ?
if so, what was their answer ?
thanks
David CALLEBAUT [AEMS Be] a écrit :
Dear List members,
I have a customer who wants to establish a site-to-site VPN between a
FP2 cluster and a Cisco 2621 router. I know there are some pitfalls in
setting something like this up. Anybody has some good info or documents
related to setting up this
Edouard Zorrilla a écrit :
Hello There,
Does anyone have already configured a host which perform a IP and IPSec traffic
at the same time ? I mean, thru site A just IP traffic and thru Site B IPSec
traffic.
Hello,
you can easily do this.
the ipsec or ip traffic depends on your rulebase
Scarpati Massimiliano a écrit :
Hi Sergio,
Thanks for your replay..
Than in the specific recommended configuration of G3 on checkpoint site there is a
Integrated Smart Array 5i Plus. Than I think that drivers for this array is
present in secure platform.. but I must be sure of it.
Is true?
If
Edouard Zorrilla a écrit :
Thanks for your Reply Sir,
Regarding the point stated here I have a couple of question I hope you
can answer this:
1.- You said: [ if you set a vpn community between your gateway and
site b, and specify accept all encrypted traffic in the community or
create a
Hello,
I defined a URI ressource and uses it with https on my rulebase for a
solaris ha cluster.
but when I switch from the running node to the other one, the https
traffic is blocked.
I need to reinstall the policy to have it work again.
I guess the proxy information is not synchronized
pkc_mls a écrit :
Hello,
I defined a URI ressource and uses it with https on my rulebase for a
solaris ha cluster.
but when I switch from the running node to the other one, the https
traffic is blocked.
I need to reinstall the policy to have it work again.
I guess the proxy information
Markus Schmidt a écrit :
Can you share your solution anyway, please?
sure, here is an extract from th ecluster xl guide for NGX R61 (page 38) :
The state of connections using resources is maintained in a Security
Server, so
these connections cannot be synchronized for the same reason that
Hi all,
Could anyone confirm that antivirus checking (no CVP) can't be done on a
nortel switched firewall ?
I tried to find some infos on nortel or checkpoint website, but didn't
found anything interesting at the moment.
Has anyone ever used such hardware ?
If so, as gateway only or
Bhavin Gandhi a écrit :
Hi...
I got below errors on 1 of our Nokia boxes
kernel: wd0: interrupt timeout:
kernel: wd0: status 50seekdone error 1no_dam
kernel: wd0: wdtimeout() DMA status 0
kernel: wd0: wdunwedge failed:
Could this mean the HD would give in someday??
sure,
ask Nokia for an
Hello,
I have some dns troubles to reach www.checkpoint.com.
could anybody give me the ip address of www.checkpoint.com and
secureknowledge.checkpoint.com ?
thanks
___
Découvrez une
pkc_mls a écrit :
Hi all,
Could anyone confirm that antivirus checking (no CVP) can't be done on
a nortel switched firewall ?
I tried to find some infos on nortel or checkpoint website, but didn't
found anything interesting at the moment.
Has anyone ever used such hardware ?
If so
Hi,
I'd like to use a route based vpn between a vpn1 edge and a splat cluster.
The connections between the edge and the cluster are done via :
- an MPLS link using private addresses
- an internet link.
the goal is to route in clear via the MPLS when this one is active, and to
route via
pkc_mls a écrit :
Hi,
I'd like to use a route based vpn between a vpn1 edge and a splat
cluster.
hi and happy new year all.
for those who are still interested with this config, its quite working,
except for a weird issue :
when the site to site vpn that uses the vti on the vpn1edge
Hugo van der Kooij a écrit :
On Tue, 2 Jan 2007, pkc_mls wrote:
Sounds like you need to rethink the antispoofing settings. Nothing
rulebase related in this log line.
sure, but you can't modify the antispoofing settings for the vpn1 edge.
the interfaces are set as external or antispoofing
Hugo van der Kooij a écrit :
On Wed, 3 Jan 2007, pkc_mls wrote:
Ever noticed the rapid jumps made in the releases of VPN-1 Edge
firmware? They happend around the time we were debugging this issue.
It usually pays to upgrade your VPN-1 Edge firmware in my experience.
I'm already using
Tom louis a écrit :
anyone know how to change the idle timeout so it is a longer amount of time?
you can set the value in the /etc/bashrc.
check for the TMOUT settings in this file.
Good morning,
I have some problem after an upgrade for eventia reporter. (r55 - r61).
The eventia reporter don't get any information from the database, so I'd
like to reinstall the whole stuff,
but keep the datas.
what's the best way to export the datas from the actual config, and
reimport
Christian Billette a écrit :
Sorry, I didn't mention the error
Unable to open '/dev/fw0': No such file or directory
Failed to get interface list: No such file or directory
Cannot get interface list: No such file or directory
Didn't you forget to reboot after your cpconfig/sysconfig ?
hello,
does anyone know any tool to read the content of a fw debug file,
ie fw ctl kdebug -f debug.out ?
thanks
___
Yahoo! Mail réinvente le mail ! Découvrez le nouveau Yahoo! Mail et
Hugo van der Kooij a écrit :
On Fri, 12 Jan 2007, pkc_mls wrote:
does anyone know any tool to read the content of a fw debug file,
ie fw ctl kdebug -f debug.out ?
gvim usually does the trick for me.
Hugo.
I thought about a tool to make the reading of such file easier, like
ikeview
Mark Senior a écrit :
Hello list
I've got a HA firewall, a pair of SPlat R55 boxen, on which I'm going
to be
splitting one interface (of each member, obviously) into two VLANs.
We'll
be swapping out some other network equipment at the same time, such
that a
bit of downtime will be
Anupam Gaur a écrit :
hai all,
Please Please Please help
We are using Checkpoint configured on Nokia IP 350 in IP Clustering load
sharing at our two loactions Noida and Pune. Both the locations have their
separate clusters with exactly the same hardware and same hot fix
configurations.
Both
Hi all,
I have some troubles when trying to install the policy on a nokia
running NGX R60 HFA 3 :
fwloghandle_check_string: invalid char in string (ascii -24)
Failed to Load Security Policy: Cannot allocate memory
Failed to Load Security Policy: Kernel memory allocation failed
Fetching
References: [EMAIL PROTECTED]
In-Reply-To: [EMAIL PROTECTED]
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
pkc_mls a écrit :
Hi all,
I have some troubles when trying to install the policy on a nokia
running NGX R60 HFA 3
Hi all,
I recently received a pdf file that describes how to set source routing.
as written by Paolo, this is not supported by checkpoint, but the pdf
indicates that some customers
are running such configs.
I can send it directly, or put it somewhere on a website if any are
interested.
Mr
sin a écrit :
Edouard Zorrilla wrote:
Me too, please send me the PDF,
since so many people want this document maybe the original poster should
put it somewhere where people cand download it and publish the URL on
this list.
sure, I already thougth about it and asked someone who
Scarpati Massimiliano a écrit :
Hi Guys,
a question for you:
I must install SPLAT on HP G4 and I have media kit Checkpoint R55 HFA 12
installed on a brand machine. At present My build of SPLAT installed is
Build 121
On Compatibility list Checkpoint site G4 is supported from Build 124.
What
Scarpati Massimiliano a écrit :
Ok, i have an Enterprise Software Subscription and Standard Support with my
Licence that I pay. Is it useful for me to ask an Image? Or could my partner
contact checkpoint and ask an iso for me with my Enterprise Software
Subscription and Standard Support?
If
Hello,
I'd like to set up an adsl vpn1 edge and connect it to a smartcenter,
but every time I try to connect I have a message
that says :
cannot connect to smartcenter.
the connectivity is fine, ie the vpn1 edge and the smartcenter can ping
each other.
the traffic between the vpn1 edge and
Mark Elsen a écrit :
On 1/24/07, pkc_mls [EMAIL PROTECTED] wrote:
Hello,
I'd like to set up an adsl vpn1 edge and connect it to a smartcenter,
but every time I try to connect I have a message
that says :
cannot connect to smartcenter.
Is your edge included/allowed in the security policy
Robby Cauwerts a écrit :
#sk31524 ?
for everyone who doesn't know all secureknowledge entries :
sk31524
When the VPN-1 Edge device is managed by a SmartCenter Server it must
not have a manual certificate installed. Only when the VPN-1 Edge device
is standalone can a manual certificate be
Robby Cauwerts a écrit :
On 1/24/07, pkc_mls [EMAIL PROTECTED] wrote:
the vpn has no certificate.
any other idea ?
Br;
Robby
What the release version of your management server?
the smartcenter runs ng r55.
how can I get a compatibility matrix between vpn1 edge firmwares
Robby Cauwerts a écrit :
On 1/24/07, pkc_mls [EMAIL PROTECTED] wrote:
Product: VPN-1 Edge
Version: NG
Last Modified: 11-okt-2006
Symptoms
[EMAIL PROTECTED], VPN-1 Edge S, X series are unable to connect to the Service
Center (SmartCenter Server) after recently preforming an upgrade or a new
Ted Serreyn a écrit :
Check NAT, check that the edge box is defined properly on the management
station and you have pushed the policy to any firewall that you talk
thru/to.
Once that is done make sure the 9280 and 9282 packets are actually getting
to the management station. If this is the
Alex a écrit :
i repeat myself
what about: #sk32128
is the edge defined as edge adsl in smartcenter ?
sir yes sir !
you have to have the edge x adsl in the dropdown window of the edge
object not simply select a edge x!!
sir yes sir !
in this sk entry you can find a dbedit script to add
Hugo van der Kooij a écrit :
On Fri, 26 Jan 2007, pkc_mls wrote:
Remove the empty lines. They should not be there and they will prevent
a correct application of the fix.
Hugo.
I tried to run the script line after line manually.
here is the result :
dbedit modify sofaware_gw_types VPN
Corrado Motta a écrit :
Hi Gurus,
I'm looking for the drivers for a Quad Intel NIC
It seems to be supported from Splat R62 but I'm unable to find the
right driver.
try to find the drivers for tred hat enterprise linux 3.
install the rpm, and it should work.
you can search the drivers via
Hi all,
I have some troubles to open some cpinfos with the latest infoview I
downloaded from checkpoint.
here are the details from my version :
InfoView Version 3.6.0
Build: 36074
For internal use only
Created: 25/Jun/2006
Designed and Written by Shaul Eizikovich
[EMAIL PROTECTED]
has
Hugo van der Kooij a écrit :
On Thu, 1 Feb 2007, pkc_mls wrote:
has anyone ever managed to get a more recent version of cpinfo ?
Yes. But I suggest you use your Check Point contacts to get it. I will
considere request for that versions as SPAM. If you need a working
infoview then you need
pkc_mls a écrit :
Hello,
I'd like to set up an adsl vpn1 edge and connect it to a smartcenter,
but every time I try to connect I have a message
that says :
cannot connect to smartcenter.
the connectivity is fine, ie the vpn1 edge and the smartcenter can
ping each other.
the traffic between
Sergio Alvarez a écrit :
Hello,
I have the following scenario:
- VPN-1 Edge (firmware version 7.0.27)
- R60 HFA04 SMC (w/ proper libsw files installed and running on Windows
2003)
- R60 HFA04 HA cluster (active/standby) running on SPLAT
The SMC is managing both the cluster and the Edge and
Good afternoon,
Is there a way to specify on ng ai r55 the ip address that is used by a
checkpoint gateway
for the vpn communication (ike) ?
There is an option in the NGX version, but I guess there was a
workaround already in R55.
for example, if my gateway is defined with a 10.10.10.1 ip
Hugo van der Kooij a écrit :
On Thu, 1 Feb 2007, pkc_mls wrote:
has anyone ever managed to get a more recent version of cpinfo ?
Yes. But I suggest you use your Check Point contacts to get it. I will
considere request for that versions as SPAM. If you need a working
infoview then you need
No Name Available a écrit :
Hi,
We find in information on console.
hi,
just to be sure, your email shows nokia.com, so it means you work for
nokia ?
if so, you should have proper access to checkpoint support.
[LOG-CRIT] kernel: FW-1: Log Buffer is full
[LOG-CRIT] kernel: FW-1:
good morning,
I'd like to set up manual NAT on an high availability cluster.
( running NGX R61 HFA 01).
so I need to fill the sysctl.conf, add a static route and also add a
static arp entry.
as I'm running a splat high availability cluster, I also have to do the
same on every
member of the
Paolo Riviello www.paoloriviello.com a écrit :
Automatic Proxy ARP
When using static NAT, the cluster can be configured to automatically
recognize the
hosts hidden behind it, and issue ARP replies with the cluster MAC, on
their behalf.
This process is known as Automatic Proxy ARP. If you use
be a sacrament. (H)
From: pkc_mls [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] High availability cluster and manual NAT
Date: Wed, 14 Feb 2007 13:32:26 +0100
Nick Whitworth a écrit :
Hi Reinhard,
Fw1 is not running.
When I run tcpdump I get
# tcpdump -ni eth3c0
tcpdump: /dev/bpf100: No such file or directory
#
Any other ideas? Do you know how I can wipe the config so that I get
back to the initial configuration prompts?
rm /config/active
Nick Whitworth a écrit :
I have run rm /config/active and rebooted. During the setup, no interfaces
appear to be configurable. Any ideas? How can I view the logs you are talking
about?
You can configure your system in two ways:
1) configure an interface and use our Web-based Voyager via
Nick Whitworth a écrit :
I can't do this as the company policy is for all firewalls to be running
the same version of IPSO and CheckPoint. We have 20+ firewalls on NGX
R60 and IPSO 4.0 build 30.
and all are the same hardware revision ?
all are flash based with the same flash revision ?
Hi all,
I'd like to set up a pppoe connection to connect to internet via an adsl
router.
I hope the line works fine, but I didn't check with another device.
I followed the ipso documentation, but I don't know if I have to setup
static (I don't think so),
dynamic or unnumbered.
could
Hugo van der Kooij a écrit :
On Tue, 20 Feb 2007, pkc_mls wrote:
I'd like to change the default multicast mac address used for
checkpoint cluster interface in Load sharing mode,
because my network equipment (Nortel) doesn't accept the 01:00:5e mac
address.
I can change it manually using
Kim Longenbaugh a écrit :
Hi,
We have never utilized the VPN portion of the FW-1 product.
hi,
1st : check if you have the proper licences to use the VPN.
Now, there's a proposal to do that.
Is it possible to set up branch tunnels coming from a Nortel Contivity
VPN device and the FW-1, and
Tauseef Khan a écrit :
Hi All
I have got a strange problem and wondering is someone there to help me
out. I cannot get any log entries in smart view tracker from enforcement
module which is a nokia ip 350 ipso 3.9 checkpoint ng r55. I Can telnet
management server on any cpmi ports (256, 257,
Dave Allen a écrit :
Hi all,
Hi
Can anyone thing of any reason why a perfectly good, functioning,
primary management server, running NGX R60 on a Windows 2003 Server
platform, has the Secondary Management server option de-selected and
greyed out, under Checkpoint products, when attempting
Neil Kemp a écrit :
Thats the problem !
Just another quick question, does anyone know if memory from any of the
other appliances will work - such as memory from an IP650 or IP440 ?
I'm quite surprised, because if you buy the same kind of RAM from the
same manufacturer
(don't forget to use ECC
Nick Whitworth a écrit :
Hi,
hi,
I saw once a vpn that magically worked after we deleted the remote
gateway on the smartcenter and
recreated it with exaclty the same parameters.
if the vpn already works fine in one way, the settings should be ok.
could you just confirm that you're
Hi all,
If I allow the telnet and let a telnet window open without typing
anything within, I have a timeout after
some minutes.
smartview tracker shows the following :
Type: Log
Action: Drop
Protocol: tcp
Service: telnet (23)
Information: TCP
Matthias Leu a écrit :
Hi,
you can adapt the timeout per service.
Have a look at the object representing the service and select
'Advanced'. Here you can chose an individual timeout for e.g. telnet.
Hope it helps,
best regards,
Matthias
I already tried to modify the timeout for telnet,
Chau, P (Paul) a écrit :
Hi,
I need to generate a license key from a newly purchased secureclient
license. In the usercenter should I use the IP address of the
enforcement gateway or the management server?
checkpoint recommends to use the IP of the smartcenter, because if you
decide to
Ken Cameron a écrit :
I'm trying to set up a remote client and what seems to happen is the
firewall sees the initial key exchange when the user creates the site.
But when they try to do a connect to the site, the firewall sees no
traffic from the user pc. Anybody got clues about this??
I'm
Thiago Formagi a écrit :
Hello guys.
Thank you for the replies.
I'll tell my costumer about avaliable features in HFA_05 package.
But if I need to ugrade to R62 how could I automatically do it? I
just need to put the R62 CD in driver and will it automatically
upgrade to R62?
felipe gonzales a écrit :
hi all
i installed splat ngx r62 (power) for testing in a lab environment. after installing my ngx licenses i got different error messages
on the smartcenter: no valid license found on smartcenter server
on the firewall modules: failed to load security
Hi all,
when I try to save a group of users, I have the following message :
Failed to save object VPNNG-group
server error is : the referenced object at field groups is invalid
reference.
has anyone ever seen this ?
sin a écrit :
sure it runs, just run it like this:
echo y | $FWDIR/upgrade_tools/upgrade_export fw1-`date +%d%m%Y`
there is even a -n option to avoid the echo y.
this option is described in checkpoint sk but upgrade_export -h doens't
mention it.
and inside $PWD you should get an archive
sin a écrit :
Gil Sudai wrote:
For this reason and after several years of operation, the FW-1
mailing list
will be closed in the next days and its content will be placed in the
Miscellaneous forum.
Hi, If any of the subscribers of the mailing list is interested in
continuing using a fw-1
Ronny Vaningh a écrit :
Hi
I'm in progress of upgrading some firewalls to IPSO 4.1B25 (in combo
with R55P HFA08) in preparation of a move to NGX
I thought that the r55p was only designed for ipso 3.8.
I have a compatibility matrix from nokia somewhere, so I can send it by
email.
I never
Verhille Nicolas a écrit :
What is the email to subscribe to it ?
[EMAIL PROTECTED]
and Phoneboy posted this recently :
There was some concern, and even questions in my own mind, about
whether or not I should shut down this mailing list. With the word out
now that Check Point is closing
Hi all,
I'd like to run a scp from a debian running openssh 4.3 to a
secureplatform ngx r62.
the ssh works fine, but the scp alwas answers : lost connection
there is no drop, I can only see when I had some debug to the ssh client
that he tries to run a scp -v -t /dir;
has anyone ever
1 - 100 of 438 matches
Mail list logo
