RE: [FW1] Query-urgent

Jarrett Goetz Sun, 20 Aug 2000 00:44:27 -0700

In response to answer #2, just be careful when/if you end up pushing
individual policies to individual firewall modules from an Enterprise
Management console.  It is very easy to push the wrong policy to the wrong
unit if you are at all tired, working too quickly, etc.  It is definitely an
'Oh sh*t!' moment....

Let us (me) know how it all works out, I definitely have many of the same
questions/concerns that you do because we have some similar circumstances.

Good luck.

Jarrett

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 17, 2000 08:25
To: [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: RE: [FW1] Query-urgent



1. Logging options  is now clear ,but how will be we able to distinguish
the logs of different FW modules.

You will distinguish them by looking at the "Origin" field in your log
viewer. This field will give you the interface of your originating firewall.

 2. As per my understanding , a single policy will be pushed by management
console to all FW Modules ?
Depends. you can specify many policies for many FW modules. When you want to
install policy A to FW A, load policy A, install it. The FW mgmt will ask
for FW to install on, and you just chose A. and click OK, the policy will be
pushed only to A, not B and C...


-----Original Message-----
From: Ash's Yahoo [mailto:[EMAIL PROTECTED]]
Sent: 17 February 2000 07:05
To: Robert MacDonald; [EMAIL PROTECTED]
Subject: Re: [FW1] Query-urgent



Hi,
 1. Logging options  is now clear ,but how will be we able to distinguish
the logs of different FW modules.
 2. As per my understanding , a single policy will be pushed by management
console to all FW Modules ?
 3. How the licenses will work ? Would I be able to push licenses from
Management Consoles ?
 4. IF one remote location has Floodgate and the locationd where Management
Console is there and the other location does not have Floodgate ,Will it
Work ?(Precisely the licenses)
I know I am asking for too much but I am sure for FW Gurus these are just
small queries from a new Friend.

Regds,
Ash


----- Original Message -----
From: Robert MacDonald <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, August 11, 2000 2:08 PM
Subject: Re: [FW1] Query-urgent


Ash,

1. On the fw modules.
2a. It could choke the line, depending on how
much logging is going on.
2b. Yes. You may place as many entries in the
$FWDIR/conf/loggers file, which specify the IP
addresses of each management station to receive
log entries. If this file is empty, then it will default to
system that the modules in running on(itself).

The system will sequentially try each entry until it
connects. If you preceed the entry with a '+', then
it will direct log entries to all of these systems. It
will direct to all '+' systems if it can connect. If
it can't it will try each of the non '+' systems
until it succeeds.

3. Yes, to the best of my knowledge.

hth,
Robert

- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n   F o o d    S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]

>>> "Ash's Yahoo" <[EMAIL PROTECTED]> 2/11/00 4:50:05 AM >>>
>Hello Gurus,
>     We have got 3 offices and are planning to establish a VPN between
them.The 2 locations will have
>FW Module and the headoffice will have FW Module + Management Console.
>Now, the issue
> 1.Where will the logs will be generated ?
> 2. If it is in the HO only where the management Console then it will choke
the HO bandwidth ,Is there is
>any way that the  logs of respective FW Modules be placed at their
respective ends only ?
>3. Since HO is the largest network ,we are planning to have Bandwidth
Management (FLOODGATE ) for
>that also there. Is it possible to have Floodgate at HO and not on the
Other 2 locations and manage
>everthing with the Single management console.
>(OfCourse it will do the bandwidth management for HO only).
>
>Hope to get too many solutions and suggestions.
>
>
>Cheers,
>Ash


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
RE: [FW1] Query-urgent

Reply via email to
