Yeah, I saw some of that also until I got it managed by the SmartCenter server. I'm going to add its encryption domain to our network monitoring system and ping it every minute to get a better feel for what's going on.
I was seeing continuous traffic flow from the Edge encryption domain but the reverse was what was intermittent. Oddly, one of my internal subnets could ping it all the time but a couple others couldn't do it and I was seeing a "no valid SA" message in the log from those subnets.
In other words, some subnets were two-way and others were one-way,, from the Edge to them but not back.
What firmware version are you on?
Ray
From: Stala <[EMAIL PROTECTED]> Reply-To: Mailing list for discussion of Firewall-1 <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: [FW-1] Edge setup - getting close! Date: Thu, 24 Jun 2004 20:57:44 -0400
I keep getting a problem with the encryption domain going away, the tunnel is still up but no traffic will flow and then for no reason at all the traffic starts flowing again, Lots more testing will need to be done.... ----- Original Message ----- From: "Ray" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, June 24, 2004 4:50 PM Subject: Re: [FW-1] Edge setup - getting close!
Nothing personal, Chris, but I hope that's wrong... :-)
Although I was leaning as to that being the answer. <sigh>
Ray
>From: Chris Hoff <[EMAIL PROTECTED]> >Reply-To: Mailing list for discussion of Firewall-1 ><[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: Re: [FW-1] Edge setup - getting close! >Date: Thu, 24 Jun 2004 10:51:59 -0500 > >In order to route all traffic through the vpn, you have to be using a >star community and check the radio button to route all traffic through >the hub. > >Regards, > >Chris > >-----Original Message----- >From: Mailing list for discussion of Firewall-1 >[mailto:[EMAIL PROTECTED] On Behalf Of Ray >Sent: Wednesday, June 23, 2004 10:05 PM >To: [EMAIL PROTECTED] >Subject: Re: [FW-1] Edge setup - getting close! > >Turns out it is, although not as fast as I thought it would. It's not >logging traffic coming in via the VPN, just stuff trying to go to >targets outside of the primary gateway VPN Dmain, which it is showing as >"accept" >and not "encrypt". > >So I'm back to my original quandry of how to make it route eveything >down the VPN. Is this just not possible in a mesh VPN or could it be >done with a static route somehow? > >I dunno... > >Ray > > >From: Ray <[EMAIL PROTECTED]> > >Reply-To: Mailing list for discussion of Firewall-1 > ><[EMAIL PROTECTED]> > >To: [EMAIL PROTECTED] > >Subject: [FW-1] Edge setup - getting close! > >Date: Wed, 23 Jun 2004 19:49:29 -0400 > > >Second problem: How do I get the Edge box to send its logs to the > >SmartCenter server? I can't see that it's doing that. > >_________________________________________________________________ >Make the most of your family vacation with tips from the MSN Family >Travel Guide! http://dollar.msn.com > >================================================= >To set vacation, Out-Of-Office, or away messages, send an email to >[EMAIL PROTECTED] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your subscription options, >email [EMAIL PROTECTED] >================================================= > >================================================= >To set vacation, Out-Of-Office, or away messages, >send an email to [EMAIL PROTECTED] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your >subscription options, email >[EMAIL PROTECTED] >=================================================
_________________________________________________________________ Is your PC infected? Get a FREE online computer virus scan from McAfeeŽ Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
_________________________________________________________________ Is your PC infected? Get a FREE online computer virus scan from McAfeeŽ Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
