From: Stala <[EMAIL PROTECTED]>
Reply-To: Mailing list for discussion of Firewall-1
<[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Edge setup - getting close!
Date: Wed, 30 Jun 2004 19:03:01 -0400
naw not even close to production yet.
I am still having the issue with the one way traffic, I don't remember any
translation rules that are affecting it but I will check tomorrow.
Thanks for the info...
----- Original Message -----
From: "Ray" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, June 30, 2004 3:21 PM
Subject: Re: [FW-1] Edge setup - getting close!
Are these in production yet? If not, ask your Check Point SE to see if they
can get you a copy of the latest beta firmware. Another resource is the
discussion forums at www.sofaware.com
Ray
>From: Stala <[EMAIL PROTECTED]>
>Reply-To: Mailing list for discussion of Firewall-1
><[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Re: [FW-1] Edge setup - getting close!
>Date: Tue, 29 Jun 2004 23:06:05 -0400
>
>I am running version 4.0.85x
>
>hardware version is 1.0
>
>I am getting a 1 way encryption domain, I have the encryption domain set
to
>a network object in the firewall, In the LSM I have the vpnedge object
with
>an encryption range set in it.
>
>I can get traffic to encrypt from the edge box to the Nokia but not back
to
>the edge box, I get an error that there is a translation error. and it is
>dropping it.
>
>----- Original Message -----
>From: "Ray" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Thursday, June 24, 2004 11:06 PM
>Subject: Re: [FW-1] Edge setup - getting close!
>
>
>Yeah, I saw some of that also until I got it managed by the SmartCenter
>server. I'm going to add its encryption domain to our network monitoring
>system and ping it every minute to get a better feel for what's going on.
>
>I was seeing continuous traffic flow from the Edge encryption domain but
>the
>reverse was what was intermittent. Oddly, one of my internal subnets
could
>ping it all the time but a couple others couldn't do it and I was seeing
a
>"no valid SA" message in the log from those subnets.
>
>In other words, some subnets were two-way and others were one-way,, from
>the
>Edge to them but not back.
>
>What firmware version are you on?
>
>Ray
>
> >From: Stala <[EMAIL PROTECTED]>
> >Reply-To: Mailing list for discussion of Firewall-1
> ><[EMAIL PROTECTED]>
> >To: [EMAIL PROTECTED]
> >Subject: Re: [FW-1] Edge setup - getting close!
> >Date: Thu, 24 Jun 2004 20:57:44 -0400
> >
> >I keep getting a problem with the encryption domain going away, the
>tunnel
> >is still up but no traffic will flow and then for no reason at all the
> >traffic starts flowing again, Lots more testing will need to be
done....
> >----- Original Message -----
> >From: "Ray" <[EMAIL PROTECTED]>
> >To: <[EMAIL PROTECTED]>
> >Sent: Thursday, June 24, 2004 4:50 PM
> >Subject: Re: [FW-1] Edge setup - getting close!
> >
> >
> >Nothing personal, Chris, but I hope that's wrong... :-)
> >
> >Although I was leaning as to that being the answer. <sigh>
> >
> >Ray
> >
> >
> > >From: Chris Hoff <[EMAIL PROTECTED]>
> > >Reply-To: Mailing list for discussion of Firewall-1
> > ><[EMAIL PROTECTED]>
> > >To: [EMAIL PROTECTED]
> > >Subject: Re: [FW-1] Edge setup - getting close!
> > >Date: Thu, 24 Jun 2004 10:51:59 -0500
> > >
> > >In order to route all traffic through the vpn, you have to be using a
> > >star community and check the radio button to route all traffic
through
> > >the hub.
> > >
> > >Regards,
> > >
> > >Chris
> > >
> > >-----Original Message-----
> > >From: Mailing list for discussion of Firewall-1
> > >[mailto:[EMAIL PROTECTED] On Behalf Of Ray
> > >Sent: Wednesday, June 23, 2004 10:05 PM
> > >To: [EMAIL PROTECTED]
> > >Subject: Re: [FW-1] Edge setup - getting close!
> > >
> > >Turns out it is, although not as fast as I thought it would. It's not
> > >logging traffic coming in via the VPN, just stuff trying to go to
> > >targets outside of the primary gateway VPN Dmain, which it is showing
>as
> > >"accept"
> > >and not "encrypt".
> > >
> > >So I'm back to my original quandry of how to make it route eveything
> > >down the VPN. Is this just not possible in a mesh VPN or could it be
> > >done with a static route somehow?
> > >
> > >I dunno...
> > >
> > >Ray
> > >
> > > >From: Ray <[EMAIL PROTECTED]>
> > > >Reply-To: Mailing list for discussion of Firewall-1
> > > ><[EMAIL PROTECTED]>
> > > >To: [EMAIL PROTECTED]
> > > >Subject: [FW-1] Edge setup - getting close!
> > > >Date: Wed, 23 Jun 2004 19:49:29 -0400
> > >
> > > >Second problem: How do I get the Edge box to send its logs to the
> > > >SmartCenter server? I can't see that it's doing that.
> > >
> > >_________________________________________________________________
> > >Make the most of your family vacation with tips from the MSN Family
> > >Travel Guide! http://dollar.msn.com
> > >
> > >=================================================
> > >To set vacation, Out-Of-Office, or away messages, send an email to
> > >[EMAIL PROTECTED]
> > >in the BODY of the email add:
> > >set fw-1-mailinglist nomail
> > >=================================================
> > >To unsubscribe from this mailing list,
> > >please see the instructions at
> > >http://www.checkpoint.com/services/mailing.html
> > >=================================================
> > >If you have any questions on how to change your subscription options,
> > >email [EMAIL PROTECTED]
> > >=================================================
> > >
> > >=================================================
> > >To set vacation, Out-Of-Office, or away messages,
> > >send an email to [EMAIL PROTECTED]
> > >in the BODY of the email add:
> > >set fw-1-mailinglist nomail
> > >=================================================
> > >To unsubscribe from this mailing list,
> > >please see the instructions at
> > >http://www.checkpoint.com/services/mailing.html
> > >=================================================
> > >If you have any questions on how to change your
> > >subscription options, email
> > >[EMAIL PROTECTED]
> > >=================================================
> >
> >_________________________________________________________________
> >Is your PC infected? Get a FREE online computer virus scan from McAfee®
> >Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
> >
> >=================================================
> >To set vacation, Out-Of-Office, or away messages,
> >send an email to [EMAIL PROTECTED]
> >in the BODY of the email add:
> >set fw-1-mailinglist nomail
> >=================================================
> >To unsubscribe from this mailing list,
> >please see the instructions at
> >http://www.checkpoint.com/services/mailing.html
> >=================================================
> >If you have any questions on how to change your
> >subscription options, email
> >[EMAIL PROTECTED]
> >=================================================
> >
> >=================================================
> >To set vacation, Out-Of-Office, or away messages,
> >send an email to [EMAIL PROTECTED]
> >in the BODY of the email add:
> >set fw-1-mailinglist nomail
> >=================================================
> >To unsubscribe from this mailing list,
> >please see the instructions at
> >http://www.checkpoint.com/services/mailing.html
> >=================================================
> >If you have any questions on how to change your
> >subscription options, email
> >[EMAIL PROTECTED]
> >=================================================
>
>_________________________________________________________________
>Is your PC infected? Get a FREE online computer virus scan from McAfee®
>Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to [EMAIL PROTECTED]
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>[EMAIL PROTECTED]
>=================================================
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to [EMAIL PROTECTED]
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>[EMAIL PROTECTED]
>=================================================
_________________________________________________________________
Watch the online reality show Mixed Messages with a friend and enter to win
a trip to NY
http://www.msnmessenger-download.click-url.com/go/onm00200497ave/direct/01/
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
