RE: Nokia 330 Configuration

Little, Craig \(SSI-SIAP-NP5\) Tue, 22 Aug 2000 18:19:04 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>>Mark Maling wrote:
>>Once I get everything configured and turn the firewall package "on"
>>through the Voyager program, then reboot the unit, I can no longer
>>access the unit through Voyager.

This is because the default security policy is a 'drop everything'
rule.

>>Before turning on the firewall software, I made
>>sure that Voyager access was enabled, and admin login was allowed.

This allows you to connect using Voyager, but does not override the
security policy.

>>I figured out how to blow away the configuration and start from
>>scratch by removing the config file, but when I reconfigure it,
>>same thing happens, I can no longer get into Voyager after enabling
>>the firewall.

Before restarting the box, you need to go into Voyager and stop
Checkpoint
from starting automatically.

>>Also, after
>>enabling the firewall, I can't access the internet using a client
>>PC with the firewall configured as its gateway. I can however, ping
>>to the outside interface of the firewall from a client PC connected
>>to the internal network. From a console connection on the firewall
>>appliance I can also ping the router at my ISP, so I know that I am
>>at least getting out to their network.

If you have installed FW-1 4.1 (not SP-1 or SP-2), then the default
policy
allows ICMP. The easiest way to get access back to the machine is to
define
a policy in the policy editor (which allows http and telnet access
from your
management machine), connect to the Nokia's console and log in as
admin,
run <fw unload all.all>, then install the new policy from your
management 
console.


Kind Regards,

Craig Little  BSc, CPD, CPI, SCJP, CCSA, CCSE
Inter-Networking / Security Consultant

Shell Services International

Phone:  +64 4 462 4661
Fax:            +64 4 463 4060
Mobile: +64 21 37 5858
mailto:[EMAIL PROTECTED]
http://www.shellservices.com


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOaJ9v8kKSVawnurJEQJJ+gCeO+X13fTvLnTWkUQmlMDNuLRNMEoAn1Be
fz4lR2pROqMh4gKk5FmotNKh
=NS6E
-----END PGP SIGNATURE-----
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
RE: Nokia 330 Configuration

Reply via email to
