All, Setting up Checkpoint NG AI R54 for the first time on two Nokia IPSO 350's running IPSO3.7Build31 in VRRP HA. Curious how others handle having private address ranges (ie. 10.x.x.x. for routers / switches etc) outside the external interface (when anti-spoofing is turned on). I find that checkpoint will drop my connection attempts to these routers/switches due to anti-spoofing. Is the only way to turn Anti-Spoofing off?
Also, having troubles setting up partial automatic client user authentication. I have configured a rule (above the stealth rule): '[EMAIL PROTECTED]' to 'any' for 'telnet, ftp and http'. The properties of the authentication rule are set to standard and partial authentication. The authentication works fine for telnet and ftp (ie. it intercepts the connection and requests client authentication first) but for http I get no authentication dialog box, just a page can not be found. Sometimes I have also been getting http://10.x.x.x/fwauthredirect10.x.x.xid0000000720 in the address box and a page can not be found. If I use a user authentication rule instead then the authentication works fine for all telnet ftp and http. Any ideas? One last question - When configuring VRRP is it necessary to select the ticket box 'Cluster Interface' on the interface properties screen, for each interface involved in VRRP? When I do this I get warnings about "Interface x of cluster member y is marked as a shared cluster interface, however its IP address doesnt belong to any of the member networks of the cluster's interfaces'. Is this tick box only for using Nokia IP Clustering (not VRRP)? Thanks, iX ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
