Re: [FW-1] Trouble in communication on port 18182
Try using no authentication (if not already done). That is old version compatibilityRK Serwatko Pawel wrote: Hi everybody I have big trouble with my firewall. I have web filter working as UFP security server. It was worked about a year without any trouble. Suddenly I noticed that communication between management station and webfilter station gone. I tried to repair this. I even reinstalled webfilter machine from the beginning. Then I tried to configure another webfilter which use the same method to communicate with Checkpoint FW (UFP server). Communication on AMON port is working in case both web filters. But when i try te get dictionary (downlaod web categories to smartdashboard on management station) on port fw_ufp (TCP 18182) I have a trouble. The Get dictionaries windows is turning up and thats all. I checked the rules on firewall communication on this port was set. I had webfilter server on DMZ zone and it didn't work so I cross this server to LAN network and it's still not working. I installed sniffer on webfilter server and try to track the packets. It was suprise for me that none packet from fw manegement station didn't got to webfilter. I don't know what to do with it. Does anybody can help how to restore communication on TCP 18182 port. Of course I tried to change the port to another and it is also not working. Thanks for any help. Pawel [EMAIL PROTECTED] = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] Unable to connect - SecureClient on XP SP2
We are using NGX Client on XP SP2 with firewall on without any issues. Have you tried in another machine? Tom Brown wrote: I have installed NGX SecureClient (598000191_1) on my laptop (XP SP2) - so far so good. When I try and create a new site, I give it the IP address, click Next and I go straight to the Select Connectivity Settings screen, bypassing the Authentication screen altogether (so I can't select my certficate). If I click Next again, I get the Connecting screen with the blue bars marching across - but it never seems to time out. I've had the problem once or twice in the past, and uninstalling then reinstalling SecureClient usually fixes it, but this time it simply won't behave. I haven't found anything sensible on teh Checkpoint KB on this either. === firewall on SP2 blocking it? i had a similar thing using sementec as the personal firewall was messing with things = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] Backup rules - Fix for enter issue on 'upgrade export'
I have a related question. When doing upgrade_export in a script through cron, I get an error FWDIR env variable not set. But I have given FWDIR=/opt/cpfw1-r55. Is there any mistake done here. echo $FWDIR on the command prompt returns the same. Upgrade export work from the command line and this is a solaris 9 machine. Thanks for the help in advance.RK Tahir Khan wrote: upgrade_export requires an enter key to be pressed. The following command will work: echo | upgrade_export FILENAME Tahir = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] Cannot see the ipsec peer to set preshared key
Choosing the topology depends on what kind of requirement you have. If you just have to communicate with your network and the collegues network, star topology is the right choice. If you have more than two gateways and all the gateways have to communicate with each other, then you should go for mesh topology. ThanksRamki Tauseef Khan wrote: Can I choose mesh topology or do I have to use start topology in this scenario. Kind regards Tauseef -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Priyakant Taneja Sent: 06 January 2006 10:34 To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] Cannot see the ipsec peer to set preshared key Hi Tauseef, He will have to add your checkpoint as externally managed gateway and have to define vpn domain in topology of that. Then he will have to add both the gateways ( his own and yours) in vpn community. After that he will be able to define preshared keys and other vpn parameters. Try and let us know.. Regards Priyakant -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Tauseef Khan Sent: Friday, January 06, 2006 3:48 PM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: [FW-1] Cannot see the ipsec peer to set preshared key Good morning/evening Gurus I am setting up a vpn in traditional mode. Both the peers are running checkpoint. I set up the community on my side having both the peers and went to VPN properties to set the preshare keys. I can see my peer in the list of preshare keys bout my colleague in US cannot see his peer in the list to set presahred key. Help would be appreciated. Kind regards * For addressee only. No legally binding commitments will be created by this e-mail message. Where we intend to create legally binding commitments these will be made through hard copy correspondence or documents. 3i Investments plc Registered office: 91 Waterloo Road London SE1 8XP Registered no:3975789 Authorised and Regulated by the Financial Services Authority If you are not the intended recipient it may be unlawful for you to read, copy, distribute, disclose or otherwise use the information in this e-mail. If you are not the intended recipient please contact us immediately. E-mail may be susceptible to data corruption, interception and unauthorised amendment, and we do not accept liability for any such corruption, interception or amendment or the consequences thereof. 3i is committed to following policies which protect your privacy and comply with current international data protection laws and regulations in respect of personal data. Further details of these policies can be found at www.3i.com. * = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = DISCLAIMER: -- This e-mail contains confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error)please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure, use or distribution of the material in this e-mail is strictly forbidden. --- = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = * For addressee only. No legally binding commitments will be created by this e-mail message. Where we intend to create legally binding commitments these will be made through hard copy correspondence or documents. 3i Investments plc Registered office: 91 Waterloo Road London SE1 8XP Registered no:3975789 Authorised and Regulated by the Financial Services Authority
Re: [FW-1] NGX ClusterXl office mode
Since the return packet from the host is sent back to the office mode ip, i have few questions. 1. Are you seeing the packets reach the firewall 2. Are you able to ping the officemode ip from inside the firewall machine 4. When you try connecting from the internal network to the om ip, is the traffic getting encrypted by the firewall. ThanksRamki Thorsten Heyming wrote: Hi, I have some trouble setting up office mode in NGX Cluster Xl. The connection succeeds and the client gets the office mode ip from the defined pool. (different pool on each cluster member) A connection to a host inside doesn't succeed (ping or telnet). The log shows the packet being decrypted. A network monitor shows the packet arriving hat the host and the reply packet being send back to the office mode ip. The office mode pool is different from my inside address space and routed towards the firewall. The office mode pool is not part of the encryption domain. Secure Client connections without office mode enabled work fine. Any help would be appreciated. Regards Thorsten = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] PLEASE READ: CHECKPOINT TECHNICAL SUPPORT SUCKS
ITs True. Although I had many good experiences with CP Support, I had that many bad experiences tooRK Dahate, Pramod wrote: I am in total agreement. I had an issue while applying HFA 16 on Checkpoint R55 NG AI on Nokia and they wanted me to rebuild the firewalls.Till date no solution but insist on closing the case and then reopening at later date. And the people r downright RUDE. That way the support at Juniper is excellent Pramod Dahate(MCSE,CCNA,CCSA,CISSP) Security Analyst Network Management Centre Getronics Australia Pty Limited -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Matthew Austin Sent: Saturday, 7 January 2006 12:06 To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] PLEASE READ: CHECKPOINT TECHNICAL SUPPORT SUCKS If I can suggest anything for you, use the Nokia support, they are excellent, and have never posed a problem support wise for my organization. Checkpoint support is notorious for being BAD! cisco4ng [EMAIL PROTECTED] wrote: I sincerely hope someone from checkpoint management read this forum. I opened a TAC case with checkpoint regarding a Provider-1 issue and RSA issue. Nobody from Checkpoint contacted me after two days of opening the TAC case. When I called checkpoint TAC regarding the case, they put me on hold for over 2 hours and I finally hung up out of frustration. This is not the first time this has happened to me regarding checkpoint TAC support. About 99% of the time, the solution they gave me has been absolutely useless. Furthermore, because we run provider-1 on sun solaris platform, these checkpoint bastards blames it on Sun solaris and refused to help us. We are also a cisco shop and we never have problems with Cisco TAC support since we are an MSP. Cisco TAC engineers are on-site once a week to help us troubleshoot problem and when we have a problem, we can get them in less than 5 minutes. Checkpoint has been pushing us to upgrade our current support to diamond level. I am going to tell my management to tell checkpoint to go to hell. I am going to do my best to convince my management to gradually migrate all our existing customers from Nokia/Checkpoint to Pix firewalls. cisco4ng - Yahoo! DSL Something to write home about. Just $16.99/mo. or less = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = - Yahoo! Photos Got holiday prints? See all the ways to get quality prints in your hands ASAP. = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] AW: [FW-1] NGX ClusterXl office mode
Since the traffic is getting encrypted it looks the configuration at the firewall is fine. I am thinking the problem might be at the client side. Are you using desktop policy for the secureclient or any other firewall at the client side? You may want to check the logs at the client side if the traffic is getting blocked. You can also try traceroute to see where the traffic is getting blocked. Regds...Ramki Thorsten Heyming wrote: Hi, thanks for your answer. Regarding your questions: I am quite sure the packets reach the firewall although I did not use fw monitor to ensure this. But when I try to connect from the internal network I see the packets being encrypted and the vpn peer gateway is correct. From the firewall itself I can't ping the office mode IP. Thorsten Von: Mailing list for discussion of Firewall-1 [mailto:FW-1- [EMAIL PROTECTED] Im Auftrag von Ramki Security Gesendet: Freitag, 6. Januar 2006 13:25 An: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Betreff: Re: [FW-1] NGX ClusterXl office mode Since the return packet from the host is sent back to the office mode ip, i have few questions. 1. Are you seeing the packets reach the firewall 2. Are you able to ping the officemode ip from inside the firewall machine 4. When you try connecting from the internal network to the om ip, is the traffic getting encrypted by the firewall. ThanksRamki Thorsten Heyming wrote: Hi, I have some trouble setting up office mode in NGX Cluster Xl. The connection succeeds and the client gets the office mode ip from the defined pool. (different pool on each cluster member) A connection to a host inside doesn't succeed (ping or telnet). The log shows the packet being decrypted. A network monitor shows the packet arriving hat the host and the reply packet being send back to the office mode ip. The office mode pool is different from my inside address space and routed towards the firewall. The office mode pool is not part of the encryption domain. Secure Client connections without office mode enabled work fine. Any help would be appreciated. Regards Thorsten = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] SMTP Forwarding
I would like to point out that keeping firewall-1 out of smtp routing will avoid lot of trouble and performance issues...Ramki Reinhard Stich wrote: hi, if you have private IPs in your DMZ-network you can change the NAT for the IP of MX.yourdomain.com to the mail-router (and back if your anti-spam gw is up again). cheers reinhard At 14:03 08.01.2006, you wrote: My current setup for email is a Lotus Domino server sitting on the DMZ and a Lotus Domino server on the network. The server in the DMZ is setup with a static NAT with a public IP address and the MX record points to it and it routes mail into the network. I'm adding a spam firewall to the mix so I'm trying to determine the best route to take to add this with redundancy in mind.. One way is to setup the spam firewall in the DMZ the same as the email server and change the MX record to point to it and have it route to the email server. The problem here is if the spam firewall go's down I can't reroute the SMTP traffic to the email server to bypass the spam firewall until it is back online unless I change the MX record. I'm no expert with Firewall-1 but I'm thinking I should point the MX record to the firewall external interface and have it forward SMTP traffic to the spam firewall and then have it route to the email server. If the spam firewall go's down I can change the forwarding to the email server instead of the spam firewall until it is back online. The little research I have done so far looks like I would just setup a SMTP resource to do what I would like to do and let the firewall do the routing. John = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] Prevent current policies being loaded on next boot
Hi Alex, If you have made the changes in the object and pushed the policy to the enforcement module, the next time it will load the new policy only even though you don't have the management server around. Only thing you need to take care is the os config for network and routing tables. That depends on the kind of OS you are using. Ramki Alexander Simbun wrote: Dear Techie, How to prevent the current policies being loaded during the next boot? I reconfigured the enforcement server with a new network settings and I had moved it to another new network. I would like the old local policies are not loaded when the server reboot as usual. Please advise. Thanks. Regards, Alex = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] Retain check point firewall software after network settings are changed.
As long as you configure your OS settings and reconfigure the smartdashboard objects and push the policy, you should be good to go. May be you will require to re-establish the SIC if required. RegardsRamki Alexander Simbun wrote: Hi all, What should I do if I re-configured my existing firewall using different network settings and replaced the existing QuadCard with a new GigaSwift QuadCard? Do I need to uninstall the check point firewall and re-install it from scratch? I want to retain the firewall even after the network settings are different including using a new QuadCard. Regards, Alex = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] FW-1-MAILINGLIST Digest - 6 Jan 2006 to 7 Jan 2006 (#2006-7)
And you need to move all the licenses to the new smartcenter IP address...Ramki no-need to-list wrote: Thanks for letting the Mailing list know... that you have Blackberry Wireless Handheld device Cooper, Colin [EMAIL PROTECTED] wrote: -- Sent from myckBerry BlaWireless Handheld -Original Message- From: FW-1-MAILINGLIST automatic digest system To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Sent: Sun Jan 08 08:00:01 2006 Subject: FW-1-MAILINGLIST Digest - 6 Jan 2006 to 7 Jan 2006 (#2006-7) There are 7 messages totalling 860 lines in this issue. Topics of the day: 1. Cannot connect with SecuRemote (SR) 2. Backup rules (2) 3. Please help :TCP packet out of state for FTP ACCESS 4. PLEASE READ: CHECKPOINT TECHNICAL SUPPORT SUCKS (2) 5. Vendors -- a good one for me. = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = -- Date:Sat, 7 Jan 2006 19:12:34 +0530 From:Vadiraj_Joshi Subject: Re: Cannot connect with SecuRemote (SR) SR doesn't do the Automatic MTU discovery, I have seen users getting authenticated but unable to update nor access the resources using the SR when on Broadband or PPPoE. Setting the MTU on the local machine to 1320 has solved the problems most of the time for me. One can use a utility available in SR installation .../bin Folder MTUAdjust.exe to change the MTU. Thanks Vadiraj -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Lino Eduardo Avila Rodr�guez Sent: Tuesday, January 03, 2006 4:52 AM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] Cannot connect with SecuRemote (SR) You can try using srfw monitor It is located in the bin directory of your securemote installation. Maybe you can debug your problem with the client. Best Regards, Lino E. Avila -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Ray Sent: Viernes, 30 de Diciembre de 2005 09:16 p.m. To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] Cannot connect with SecuRemote (SR) Nevertheless, I still have a select few users that cannot connect to the server. The errors are Update failed or if creating a new site, they get timeouts. Strangely in the logs, I don't see any activity of the attempt to connect which leads me to believe something is blocking it on their site or somewhere in the middle. If you're using Implied Rules to accept the remote access connections, make sure you're logging the Implied Rules. I think it's off by default. One particular user has both cable and DSL connections and could not connect while on DSL. Switching to cable did the trick. Now that the site has been created, he can successfully reconnect over DSL. Unfortunately most of my users have only a single broadband connection. This is almost always a MTU problem. ADSL using PPPoE adds eight bytes to the packet, pushing it over the 1,500 byte limit and causing fragmentation. I don't know if SR does automatic MTU adjustment, but SC does. I've also seen this exact problem caused by junk home routers. Junk as spelled DLink. They could hook their computer directly to the Internet modem, create the site and then go back behind the router and all would be well. Is your firewall object specified with the internal interface or the external interface IP address? It really needs to be the external IP address. You don't happen to have SC, do you? Visitor Mode, which tunnels all of the IPSec protocols over TCP 443, is a real life-saver in situations like this. We've had many a hotel where they block all outbound traffic except 80 443 where Visitor Mode saved the day. Another fix, if they are semi-technically inclined and have admin access, is to email them a copy of the userc.C file from a computer that works. They will need to stop both CheckPoint services, save the file in the correct folder to overwrite the existing one and re-start the services. If you do this while the services are running, it won't work. I've used this procedure on a few computers that were behind junk routers but we could not risk exposing them to the Internet. Ray = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set
Re: [FW-1] Change of IP for remote VPN
You can use vpn tu to reset any particular SPI or remote peer. I think the option is 6 for this.Ramki Tom Brown wrote: Hi The firewall we connect to at the other end of a VPN has changed IP - It appears from our logs that our firewall still thinks the other firewall is on the origional IP - Is there anyway to flush the state or something without upsetting other tunnels? This is on SPLAT AI R55 thanks = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] Gurus in this list. Please help
Did you tried putting the internal IP addressed in those machines local host table. This should by pass the dns server and resolve the fqdn locally to the private IP addressRamki cisco4ng wrote: Hi Gurus, Please advise with the following scenario: Checkpoint Secureplatform NG with AI R55w and the lastest HFA_04. This firewall has 3 interfaces, Internet, Internal and Dmz. I have a host in my Internal network with an IP address of 192.168.1.10. This host is static NAT to the Internet with an IP address of 129.174.1.8. I have a host on the Dmz network work with an IP address of 192.168.2.50. This host is static NAT to the Internet with an IP address of 129.174.1.13. The DNS server is being hosted by my ISP. The host 129.174.1.8 has a Fully Qualified Domain Name (FQDN) of db1.newco.com and the host 129.174.1.13 has an FQDN of crm.newco.com. Back to my network, the host 192.168.1.10 and the host 192.168.2.50 communicates with each other with the real address and everything is working fine via IP adress. Here is my problem: The customer just recently migrated from a Cisco Pix to Checkpoint Firewall. The customer has a propriatery application installed on both host 192.168.1.10 and host 192.168.2.50. This application communicates between host 192.168.1.10 and host 192.168.2.50 via Fully Qualified Domain Name (FQDN). It means that the application is embedded with the FQDN of db.newco.com and crm.newco.com in the application itself. To make the matter worse, it looks up the name via DNS. As you can see, it causes the problem because two hosts behind the firewall trying communicate with each other via public addresses. With Cisco pix firewall, there is a feature called DNS doctoring. For example, when host 192.168.1.10 communicates with crm.newco.com, it goes to the DNS server, which sits outside the firewall, and get a resolution of 129.174.1.13. Before, the reply comes back to host 192.168.1.10, the Pix firewall modifies the dns query and replaces 129.174.1.13 with 192.168.2.50. Is there something similar that can be done with Checkpoint as well? Right now, the workaround for me is to put up an Internal DNS server and have host 192.168.1.10 and host 192.168.2.50 use that Internal DNS Server. But the customer wants to use the Internal DNS server for some other functions. Please help. TIA cisco4ng - Yahoo! Photos Got holiday prints? See all the ways to get quality prints in your hands ASAP. = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] Two IP Ranges
Hi Saludos, You don't have to assign a secondary IP address. As long as your ISP router is forwarding the traffic for that IP range to your firewall, you can go ahead and implement static NAT (or Hide NAT) with the new IP range and it does works. Regards...Ramki Alvaro Gastambide wrote: Hi, I have a Check Point R55, and i a used all ip's provides by my ISP. So my ISP give me another IP range. To can use static nat with the second range, i have to put the public ip that i use in static nat as a secondary ip of the internet interface of the check point. Is it the correct way to use a secondary range ? Thanks. Saludos, Alvaro Gastambide - CCSA - MCSA Security Advisor www.sadvisor.com = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] Secondary firewall shows unknown status in SmartViewStatus
Some time you may be unable to contact the cluster member if you configure the external ip in the member object. Try using the internal ip if the smartcenter server is inside your networkRamki David DeSimone wrote: Alexander Simbun [EMAIL PROTECTED] wrote: I have not yet re-establish the SIC. To do so, I have to detach the cluster member and re-initialize it again. Meanwhile, I'm also unable to ping the physical IP of the cluster's member. It is often the case that when you create a cluster, only the current cluster master can receive traffic. This is due to some settings on the cluster gateway object. Under 3rd Party Config you will find some options: Hide Cluster Member's outgoing traffic behind Cluster IP, and Forward Cluster incoming traffic to Cluster Member IP. I turn both of these options off. When they are on, the secondary member will try to send out NTP or DNS requests, and they get NAT'd behind the cluster IP, then when the replies come in, they are directed to the primary member, which doesn't understand why it is receiving such traffic. The traffic never reaches the secondary member that initiated the traffic. By turning these off, the traffic can reach the particular cluster member that originated the traffic. = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] Urgent please help. VPN issue
My experience is that simplified mode more relates to checkpoint at the other end. Traditional mode config is used with other vendors. It is ideal that we set both similarly and also matching the other end configurationRamki cisco4ng wrote: Hi everyone, I guess I should have elaborated a little more in the previous thread. I know how to do that in traditional mode. However, according to both Nokia and checkpoint documentation, whatever changes are being made in traditional has NO effects in Simplified mode, especially simplified VPN configuration (vpn community). Furthermore, according to Nokia, changes made in the traditional mode tab is NOT supported if the vpn is configured in simplified mode. I guess bottom line is that it is not supported in simplified mode. Thanks again everyone. cisco4ng Christopher Hoff [EMAIL PROTECTED] wrote: You can change the settings on a per node gateway by editing the traditional mode settings and going to the advanced settings. Thank you, Christopher Hoff -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Crist Clark Sent: Wednesday, January 18, 2006 4:45 PM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] Urgent please help. VPN issue cisco4ng wrote: Hi gurus, Please help me with this problem. I am setting a site-to-site vpn between a Checkpoint NG firewall and a Cisco IOS device. The dude on the Cisco side keeps insisting that the IPSec phase II key re-negotiation be data-limit instead of of timeout limit. I know how to do that on Cisco device. For example: set security-association lifetime kilobytes 57193933 How can I achieve this in Checkpoint? In Checkpoint Simplified mode, I can only specify the timeout setting for IPSec phase II. FWIW, specifying the lifetime in time or byte count or both at once all MUST be supported according to the standard. Going straight to the Checkpoint database, I see the following, :isakmp.phase2_rekeying_kbytes (5) :isakmp.phase2_rekeying_time (3600) :isakmp.phase2_use_rekeying_kbytes (false) As attributes of IPsec endpoints. Names seem self explanatory. Can't say if they actually work. Dunno how to access them through the Dashboard or whatever they're calling it for now. You may need to edit the database with DBedit or the ol' 'vi objects_5_0.C'. = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] Performance Pack and SPLAT
Performance Pack (Secure XL) is a software pack which provides multi cpu support and performance improvements to encryption, NAT and many other operations. This is an additional license above your normal gateway license. It is not mandatory to install, unless you need the additional cpu support and other performance improvements which it provides. I know you cannot use Floodgate with performance pack and there are other dependencies which you may have to refer the performance pack guide. The license is included with NGX unless you already have a ppk license which you upgraded to NGX. But the software is available as part of NGX when you install. Smartdefense software is included in NGX (and some older versions too). What you need to buy is the subscription which provides regular updates for current threats. When you install, there will be the basic configuration which comes with the product. Smartview monitor is a licensed product which you need to purchase seperately. As usual the software is part of the NGX CD. Regards, Ramki Sam Ghannadi wrote: What is Performance Pack (SPLAT NGX)? Does Performance pack need to be installed on SPLAT (NGX)? what is included in NGX? is Smart Defense or Smart View Monitor included in NGX? thanks Sam __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] cp express license upgrade question
If you asked for an upgrade quote from checkpoint, it is kind of a trade-in. You have to remove the 100 ip license after putting in the 500 ip license. Regards, Ramki Tim Pearson wrote: Sorry for the simple question. I have a CP express that came with the 100 licensed ip's our environment grew past that and I bought the upgrade to 500. Once I add the 500 ip license, do I remove the original 100? Thanks Tim The information contained in this message is confidential and is intended for the above addresses only. If you have received this message in error or if there are any problems, please notify the sender immediately. The unauthorized use, disclosure, copying or alteration of this message is strictly forbidden. = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] Secure Client question
Just a related question? What kind of hardware is required for a E-Token. Is this some special hardware?Ramki fwguru wrote: Marius, Import the .p12 file and dont select the enable strong option. You will not be asked for a pass. SecureClient will have the password filed blanked-out. You should not need the cert pass. I dont recommend doing that, as probably many on this list would too. I would always get the cert and private off of the machine and onto an E-Token. After importing the cert, you can have the private stored onto an E-Token instead of the CAPI store. I use E-Token everday with certs. Works great with SecureClient and SSL Network Extender. You could even log onto a Windows network with it using a cert or an extremely long, randomly generated password that you dont need to know what it is. The cert can be stolen even if not marked as exportable if the .p12 file is still on the disk. ;) Neil Delacruz On 1/18/06, Ray [EMAIL PROTECTED] wrote: And as secure as the Windows logon pasword is. Ray From: Janis Myers [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] Secure Client question Date: Wed, 18 Jan 2006 07:54:55 -0800 Sure you can! Under Windows doubleclick the certificate file (*.p12 file) and import it to your Certificate Store (MyStore) of Windows XP for example. During this procedure you have to specify your certificate password/pin. Then you can use the SecureClient with this certificate for authentication. You are able to find your Certificate in the pull down list of the SecureClient. You can use it without putting in the password again. The MyStore from Windows XP is secure (as secure as MS$ is). HTH Regards, Janis __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] Secure Client question
Thanks...Ramki fwguru wrote: Ramki, Etoken is a hardware authenticator that connects to your USB port. Used for authenticating to just about anything. http://www.aladdin.com/etoken/default.asp Neil Delacruz On 1/29/06, Ramki Security [EMAIL PROTECTED] wrote: Just a related question? What kind of hardware is required for a E-Token. Is this some special hardware?Ramki fwguru wrote: Marius, Import the .p12 file and dont select the enable strong option. You will not be asked for a pass. SecureClient will have the password filed blanked-out. You should not need the cert pass. I dont recommend doing that, as probably many on this list would too. I would always get the cert and private off of the machine and onto an E-Token. After importing the cert, you can have the private stored onto an E-Token instead of the CAPI store. I use E-Token everday with certs. Works great with SecureClient and SSL Network Extender. You could even log onto a Windows network with it using a cert or an extremely long, randomly generated password that you dont need to know what it is. The cert can be stolen even if not marked as exportable if the .p12 file is still on the disk. ;) Neil Delacruz On 1/18/06, Ray [EMAIL PROTECTED] wrote: And as secure as the Windows logon pasword is. Ray From: Janis Myers [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] Secure Client question Date: Wed, 18 Jan 2006 07:54:55 -0800 Sure you can! Under Windows doubleclick the certificate file (*.p12 file) and import it to your Certificate Store (MyStore) of Windows XP for example. During this procedure you have to specify your certificate password/pin. Then you can use the SecureClient with this certificate for authentication. You are able to find your Certificate in the pull down list of the SecureClient. You can use it without putting in the password again. The MyStore from Windows XP is secure (as secure as MS$ is). HTH Regards, Janis __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED
Re: [FW-1] firewall performance
cpstat. There are different options for that. Just run cpstat and find the optionsRamki Lino Eduardo Avila Rodríguez wrote: Hello Guys! What commands should I issue in the firewall to check if the firewall is perfoming ok? Best regards, Lino Avila = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] Weird thing - Xtra space FW IP350
use fwm logswitch to switch the log to a new file and move/delete the old log fileRamki Harold Rugama C wrote: Hello Mr. Smaff, Thank you for replying to my message, your comments give an idea how to solve the inconvenience. I was surfing the file structure of my Nokia box to try free up some space in the hard drive with no luck. In linux if want to blank a log file, I simply use the following: $ logfile.log And this creates a file with the 0 bytes file size ready to use by the daemon to continue logging events. But in Nokia box, an errors show ups, expressing that the syntax isn't right and doesn't perform anything. Any ideas or comments, how to do this? Regards, -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Andrew Smaff Matthews Sent: Thursday, February 02, 2006 4:38 AM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject:Re: [FW-1] Weird thing - Xtra space FW IP350 On Wed, Feb 01, 2006 at 06:03:46PM -0600, Harold Rugama C wrote: Hi to All, It's a pleasure to write to all of you for assistance. I've been checking something strange with Nokia box, when I check the disk usage of the FW1, something really strange happen. Below you will see the actual disk utilization of my Nokia 350. /dev/wd0d 1473293514719891-1165590109%567 3562951 0% /var As you may see, there something not normal with /var partition. Can someone help me to find out what could be the problem??? Its just full... Its a UNIX thing rather than a nokia thing. UNIX allocates a certain amount of spare space on any partition purely for root (or admin on the Nokia - uid 0 either way) processes. Its basically to prevent non-administrative processes breaking the system by filling the disk to the point that admin process start failing because they can't write to various files. It'll almost certainly be your firewall logs. If you're using NG, you can set the log cycling periods, and maximum amount of logs it'll keep in the gui. If its an older version you'll need to setup a cron entry to do this. There's various examples out there of such scripts. Smaff -- You happen to be here, now. = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] R: [FW-1] License Question
I believe the VFF license includes the VPN/Firewall license. Please note that checkpoint doesn't have any separate license for VPN. VPN FIrewall are same product. THanks, Ramki Lorenzo wrote: Shane If you launch SmartUpdate and choose the Licenses tab, you should see the details of installed license(s) and their use, else you can connect to the User Center on CP's internet site L. -Messaggio originale- Da: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] Per conto di Shane Presley Inviato: martedì 14 febbraio 2006 1.18 A: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Oggetto: [FW-1] License Question Hello, I have a firewall with this license...(key changed obviously) 10.1.1.1never CPMP-VFF-25-NG CPVP-VSR-25-NG CPVP-VPS-1-NG CK-123456789C12 Can someone help me dissect this license? As best I can tell it's CPMP-VFF-25-NG - SVN Foundation 25 node CPVP-VSR-25-NG - Secure Remote 25 clients CPVP-VPS-1-NG - Secure Client policy server? Is one of those the firewall license? Would this license allow for VPNs? Thanks Shane = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
[FW-1] upgrade_export fails
Hi all, When I do upgrade_export on R55 HFA16, gives failed to export. No other specific messages. Tried restarting the firewall and the machine. No luck. Any ideas. Thanks in advance. Ramki = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] CLearing VPN tunnel in ASF
Try vpn tunnelutil. You can clear all or specific tunnels using thisRamki john maverick wrote: HI all, WE have an ASF 6000 series cluster and lot of site to site VPNs used.Periodically we need to clear some of these tunnel SAs. COuld anyone point out how the same can be achieved in a ASF cluster for a particular peer. ANy pointers would be appreciated Thanks and regards = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] CLearing VPN tunnel in ASF
I have tried it on Unix. Not on ASF...Ramki john maverick wrote: Hi, WE have tried that have you ever tried the same in ASF ???did you see it work ?? On 2/17/06, Ramki Security [EMAIL PROTECTED] wrote: Try vpn tunnelutil. You can clear all or specific tunnels using thisRamki john maverick wrote: HI all, WE have an ASF 6000 series cluster and lot of site to site VPNs used.Periodically we need to clear some of these tunnel SAs. COuld anyone point out how the same can be achieved in a ASF cluster for a particular peer. ANy pointers would be appreciated Thanks and regards = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] Route issue ... newbie alert
Routing is totally handled by the underlying OS. Can you provide more information on the kind of OS. Looks like obviously a route configuration issue. Check all the other interfaces/routes on the box to see if any issues there. Ramki MARTIN, SAM wrote: All: ... maybe a mispost to the checkpoint list, Idunno ... Checkpoint FW1 v4 (192.168.1.1) won't forward packets to an internal network, 172.16.21.0 route add 172.16.21.0 mask 255.255.255.0 192.168.1.100 the gw of choice ( 192.168.1.100) is an hp9308m switch, altho' I don';t see an issue here, since Ethereal shows 'ping 172.16.21.63' going out the public interface of the checkpoint box. Other routes on checkpoint to internal networks work fine. route add 172.16.21.0 mask 255.255.255.0 192.168.1.100 works fine on my PC, 192.168.1.222 Maybe this has nothing to do with checkpoint at all, any suggestions welcome atb S Notice: This email was scanned by the C-SPAN InoculateIT AntiVirus Engine and is virus free. = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] upgrade_checker_Solaris
Look at checkpoint upgrade guide documentRamki libone mhlanga wrote: Anyone know how to run this ? I have searched CP knowledge base to exhaustion ? ...possibly the worst documenters in the ENTIRE world bar none ? = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] New management console/server
Hi, Do you mean management console or management server. Which version of checkpoint you have? If on NG, you can use the upgrade utility to export the configuration and import it on the new box. (upgrade_export). You can download the latest pack for your version of software from checkpoint website. I would not recommend XP Pro for smartcenter server. Better get hardware that works with secureplatform and use it. That would do a lot of good. Regds, Ramki Stig Bull wrote: I'm about to retire our old management console since it's an aging W2K box, and I don't trust its single disk drive to last for too long. It's also low on CPU, mem and disk space. I'm setting up a new XP Pro in its place, same IP and same Windows name; with NG AI console. I haven't found too much 'solid' documentation about doing this, so how exactly would I go on about it? Use cp_merge for export and import, turn off the old server and put up the new one and everything is okay, ot do I have to delete the FW object first and do several steps in addition? -- Stig Bull Networking and Systems Administrator Hugin ASA http://www.hugincorporate.com Phone: +47 22 80 79 89 Mobile: +47 91 60 88 74 Fax: +47 22 80 79 79 - Your reputation connects through Hugin Any views expressed in this email are those of the author and do not necessarily represent those of Hugin or its subsidiary companies. This email and its attachments are intended solely for the addressee and any information contained therein is confidential. If you are not the intended recipient of this email, please notify the sender by reply email or by telephone as soon as possible; do not copy or disclose its contents to any third party; and note that any action taken on the basis of its contents may be prohibited and/or unlawful. = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] Cluster HFA17 node in Ready State
Ready state seems to be a known state with checkpoint. This happens when you do an upgrade on the cluster. The behaviour will make the lowest version member be active and the highest version be in Ready state thereby reducing inadvertent fail over to a gateway under upgrade. The checkpoint upgrade guide gives some details about this operation. Read the cluster upgrade portion of it. Manual switching may work to a Ready member, but I am not sure about session fail over. Refer the guide for more details. Thanks, Ramki Dave Row wrote: I recently upgraded one node of an NG R55 (SPlat) cluster from HFA06 to HFA17 (the active node is still HFA06). The hotfix went well, but the node came up not in active or standby mode, but Ready. What does this mean? Is the difference in HFAs causing this? I would like to force failover to this Ready node, but am not sure how to proceed (I'd like to see the HFA17 node pass traffic properly, before upgrading the known-good active HFA06 node). Any pointers/insight out there? Much appreciated. - Dave = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] Floodgate Installation
You have to enable floodgate using cpconfig on the modules. Remember that floodgate and PPK does not work togetherRamki Lino Eduardo Avila Rodríguez wrote: Remember to set up the interfaces with the required bandwidth in your modules cheers Lino E. Avila [EMAIL PROTECTED] -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of sin Sent: Jueves, 02 de Marzo de 2006 10:59 a.m. To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] Floodgate Installation Neil Kemp wrote: Dear All Just want to confirm the procedure for installing Floodgate. I am looking to install this in a distributed environment, with a single management server. So, the floodgate module needs to be installed on the management server (W2003) and the modules enabled on the two Nokias, the firewall objects need to be ticked to say they have floodgate, and the licences installed. you don't install floodgate on the management server. just edit the properties of the firewall, check the floodgate option, add the liceneses and install the policy. = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] Floodgate Installation
PPK is Performance Pack or SecurXL which provides software based acceleration. Ramki Neil Kemp wrote: PPK ? On 02/03/06, Ramki Security [EMAIL PROTECTED] wrote: You have to enable floodgate using cpconfig on the modules. Remember that floodgate and PPK does not work togetherRamki Lino Eduardo Avila Rodríguez wrote: Remember to set up the interfaces with the required bandwidth in your modules cheers Lino E. Avila [EMAIL PROTECTED] -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of sin Sent: Jueves, 02 de Marzo de 2006 10:59 a.m. To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] Floodgate Installation Neil Kemp wrote: Dear All Just want to confirm the procedure for installing Floodgate. I am looking to install this in a distributed environment, with a single management server. So, the floodgate module needs to be installed on the management server (W2003) and the modules enabled on the two Nokias, the firewall objects need to be ticked to say they have floodgate, and the licences installed. you don't install floodgate on the management server. just edit the properties of the firewall, check the floodgate option, add the liceneses and install the policy. = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
[FW-1] Copying Files to secureplatform
Hi all, I am trying to copy hotfix files to secureplatform using winscp. Have added the default user in scpusers file and restarted the sshd process. Still winscp not working. Any help will be appreciated. Thanks, Ramki = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] Copying Files to secureplatform
Thanks all for your replies. I had made the changes to scpuser file already but didn't help. And I did receive a message in winscp that the shell is not compatible and recommending BASH. I am not sure if it is ok to change the admin id's shell from cpshell to bash without affecting checkpoint functions. I followed cisco4ng's option of using another linux server and done my work, but really would like if I can use winscp. I would also try pscp and check if that works. Thanks, Ramki Marius Banica wrote: the default shell called cpshell works great with scp all you need to do is define /etc/scpuser in this file add the admin entry and save file then u can use admin for scp access Original message Subject:Re: [FW-1] Copying Files to secureplatform Author: [EMAIL PROTECTED] Date: 08th March 2006 11:30:48 hi, you have to change the shell of the user you want to use for scp - because the checkpoint-shell does not work with scp. cheers reinha rd At 04:26 08.03.2006, you wrote: I don't think Secureplatform will work with WinSCP. The only way for me to get it to work is to use scp from my linux server. But I also use key authentication. You may want to look at using key authentication instead of password. That way, you can automate a lot of cron process without having to put password inside your script(s) my 2c Ramki Security [EMAIL PROTECTED] wrote: Hi all, I am trying to copy hotfix files to secureplatform using winscp. Have added the default user in scpusers file and restarted the sshd process. Still winscp not working. Any help will be appreciated. Thanks, Ramki = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = - Relax. Yahoo! Mail virus scanning helps detect nasty viruses! = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] Splitting Management and Enforcement modules.
Here is what you can do. 1. Make the new management module with the same name as your current machine. 2. Do an upgrade_export on the current machine. 3. Install management (select only smartcenter) on the new machine and use the exported configuration (advanced install). 4. Create a new checkpoint gateway (new name) for your firewall and provide all required parameters. 5. Modify your rule base (if required) to push policy to this object. 6. Install vpn-1 pro only on the current machine. (Before that you can uninstall the complete product). 7. Establish sic with the new management. 8. Push policy. 9. You are set to go. This to note: If you have central licensing, you have to create all new licenses with your new managment IP. This can be done via your usercenter login. If you have local license you have to split the management and firewall license, but it is better to have central license. If you want to give a new name to your management, you will have some issues including the internal CA has to be reconfigured invalidating all the certificates. Regards, Ramki Simon Ashford wrote: I currently have a single firewall running both Management and Enforcement modules. I am intending to split this into a two-server configuration with the Management Module on a new machine and the Enforcement Module staying where it is. How difficult is this to do? Is there any documentation or guidance anywhere I should read? Thanks. Simon Ashford. --- This e-mail and any attachments may contain confidential and/or privileged material; it is for the intended addressee(s) only. If you are not a named addressee, you must not use, retain or disclose such information. NPL Management Ltd cannot guarantee that the e-mail or any attachments are free from viruses. NPL Management Ltd. Registered in England and Wales. No: 2937881 Registered Office: Serco House, 16 Bartley Wood Business Park, Hook, Hampshire, United Kingdom RG27 9UY --- = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] SmartView Monitor on enforcement.
You need to enable Smartview monitor on the enforcement point which you want to monitor. It is a separate package which you can select during the install as well as you need to check mark the box in the checkpoint object for the enforcement moduleRamki Alexander Simbun wrote: Hi all, Sorry for a lame question. I would like to activate my SmartView Monitor on my firewall cluster. I had received a license for it recently. According to the guide, I'm only need to install on management server but what about enforcement? Do I need to activate it also? Thanks. Regards, Al = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] SmartView Monitor on enforcement.
Yes. I believe you have to start is through cpconfig too but not sureRamki Alexander Simbun wrote: Hi, This mean I just install the SmartView Monitor on top of existing FW-1/VPN-1 software on enforcement module, am I right? Regards, Al Ramki Security wrote: You need to enable Smartview monitor on the enforcement point which you want to monitor. It is a separate package which you can select during the install as well as you need to check mark the box in the checkpoint object for the enforcement moduleRamki Alexander Simbun wrote: Hi all, Sorry for a lame question. I would like to activate my SmartView Monitor on my firewall cluster. I had received a license for it recently. According to the guide, I'm only need to install on management server but what about enforcement? Do I need to activate it also? Thanks. Regards, Al = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] SmartView Monitor on enforcement.
You don't have to re-install. Run the checkpoint setup and select the smartview monitor package. This will install only that package on top of the existing installation. Then start it through cpconfig. You may have to install it on both the cluster members, although I have not used it in a cluster. But on the smartcenter you don't have to install any software(If my memory is correct. I don't have any current installation to verify). Just use the smartview monitor GUIRamki Alexander Simbun wrote: Another question, I have one management server which manage a firewall cluster. Currently both enforcement servers in the cluster are installed using standard installation (i.e., VPN-1 FW-1) while SmartCenter is installed at management server. I'm still not sure on how to proceed with SmartView Monitor set up, do I need to install SmartView Monitor on each enforcement servers on top of existing VPN-1 FW-1 firewall module including at SmartCenter server? My concern is I'm reluctant to do re-installation on enforcement servers to include just the SmartView Monitor functionality. This is my first time to set up SmartView Monitor so I need some good guide about this. Thanks very much. Regards, Al Ramki Security wrote: You need to enable Smartview monitor on the enforcement point which you want to monitor. It is a separate package which you can select during the install as well as you need to check mark the box in the checkpoint object for the enforcement moduleRamki Alexander Simbun wrote: Hi all, Sorry for a lame question. I would like to activate my SmartView Monitor on my firewall cluster. I had received a license for it recently. According to the guide, I'm only need to install on management server but what about enforcement? Do I need to activate it also? Thanks. Regards, Al = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
[FW-1] NGX Upgrade issue
Hi all, We were trying to upgrade from NG R55 to NGX. The upgrade is failing with segment fault (core dumped) on solaris 9 box. This happens when the license upgrade status is checked. When I run the license upgrade utility manually (separately) also this problem comes. Have any of you faced a smilar situation. Any ideas will be helpful. Thanks, Ramki = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] VPN acceleration card is disabled and wants to turn it on duringboot up.
Did you checked cpconfig? Ramki Alexander Simbun wrote: Hi, I just noticed that our firewall's VPN's accelerator card is turn off. I can enable it by using a command line but I wonder how to set it to be automatically activate during boot up or during firewall restarts? Thanks. Regards, Al = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] NGX Upgrade issue
Hi, I am trying a smartcenter upgrade with no firewall. Running HFA17. Failing process is license_upgrade. I tried running the license_upgrade separately with same results (core dump). Thanks, Ramakrishnan Adam BE wrote: Hi Ramki, Is it an upgrade of SmartCenter or firewall? Which HFA does your R55 have (latest vesion is recommended) ? Which process fails with a core dump? I suggest you also get the stack from the core dump and post it here. Thanks, Adam. Ramki Security [EMAIL PROTECTED] wrote: Hi all, We were trying to upgrade from NG R55 to NGX. The upgrade is failing with segment fault (core dumped) on solaris 9 box. This happens when the license upgrade status is checked. When I run the license upgrade utility manually (separately) also this problem comes. Have any of you faced a smilar situation. Any ideas will be helpful. Thanks, Ramki = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = - Yahoo! Messenger with Voice. Make PC-to-Phone Calls to the US (and 30+ countries) for 2¢/min or less. = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] management server not seeing logs from cluster
Check the cluster object parameters and ensure that it is configured to log to the management server.Ramki Adam BE wrote: Here are a few suggestions: 1. See sk30530 - SmartCenter Server not receiving logs from Security Gateway, after migrating to distributed configuration. * Make sure to convert your SmartCenter to a *host* and *delete all interfaces* in Topology Tab and re-install policy. 2. See sk26214 - Firewall not sending logs to SmartCenter Server, is storing logs locally. 3. Try to install database on your SmartCentrer and re-open SmartView Tracker. Keep us posted if any of these suggestions solved your problem. Thanks, Adam. Mark Senior [EMAIL PROTECTED] wrote: Hello list I've got a peculiar situation here: I've built a SPLAT R55 cluster (two modules, HA new mode), and a Windows 2003 R55 management server. For some reason, the firewall logs aren't being received by the management server. From a network perspective, everything seems to be able to communicate fine. I can ping both directions between cluster members and management server, install policies on the cluster, SSH to the cluster from the management server, and so on. As you can see from the output below, the modules are able to make connections on TCP port 257 (FW1_log) to the management cluster, and they're sending _something_ over the wire on those connections (not much, as the ACK numbers don't seem to go above about 70) Also, I'm unable to fetch the logs off the remote machines within smartview tracker (tools remote files management pick a module, get file list pick a log file, fetch files). The result is that the fetch failed, with 0% progress. However, I can fetch the logs successfully by commandline with fw lslogs / fw fetchlogs. Thanks in advance for your help Mark Some diagnostic output, which shows that: (1) the module is generating, and at least attempting to send, logging data: [EMAIL PROTECTED] fw log -ft Date: Mar 20, 2006 11:31:35 accept module-2 cluster; s_port: 32900; dst: management; service: FW1_log; proto: tcp; rule: 0; message_info: Implied rule; 11:31:50 accept module-2 cluster; s_port: 32901; dst: management; service: FW1_log; proto: tcp; rule: 0; message_info: Implied rule; (2) the module is sending actual data on those logging connections, and the management server is acknowledging its receipt, at layer three if not higher: [EMAIL PROTECTED] tcpdump -i eth2 -s 0 port 257 tcpdump: listening on eth2 11:28:32.715848 module-2.32888 management.257: S 2425846703:2425846703(0) win 5840 (DF) 11:28:32.716150 management.257 module-2.32888: S 2256300641:2256300641(0) ack 2425846704 win 16384 0,nop,nop,sackOK 11:28:32.716190 module-2.32888 management.257: . ack 1 win 5840 (DF) 11:28:32.716251 module-2.32888 management.257: P 1:5(4) ack 1 win 5840 (DF) 11:28:32.716806 management.257 module-2.32888: P 1:5(4) ack 5 win 65531 (DF) 11:28:32.716837 module-2.32888 management.257: P 5:9(4) ack 5 win 5840 (DF) 11:28:32.868495 management.257 module-2.32888: . ack 9 win 65527 (DF) 11:28:32.868515 module-2.32888 management.257: P 9:69(60) ack 5 win 5840 (DF) 11:28:32.869060 management.257 module-2.32888: P 5:59(54) ack 69 win 65467 (DF) 11:28:32.905408 module-2.32888 management.257: . ack 59 win 5840 (DF) 11:28:32.905634 management.257 module-2.32888: P 59:72(13) ack 69 win 65467 (DF) 11:28:32.905652 module-2.32888 management.257: . ack 72 win 5840 (DF) 11:28:32.906653 module-2.32888 management.257: F 69:69(0) ack 72 win 5840 (DF) 11:28:32.906854 management.257 module-2.32888: . ack 70 win 65467 (DF) 11:28:32.906970 management.257 module-2.32888: F 72:72(0) ack 70 win 65467 (DF) 11:28:32.906989 module-2.32888 management.257: . ack 73 win 5840 (DF) 11:28:47.915845 module-2.32889 management.257: S 2443795765:2443795765(0) win 5840 (DF) 11:28:47.916162 management.257 module-2.32889: S 647665702:647665702(0) ack 2443795766 win 16384 0,nop,nop,sackOK 11:28:47.916204 module-2.32889 management.257: . ack 1 win 5840 (DF) 11:28:47.916267 module-2.32889 management.257: P 1:5(4) ack 1 win 5840 (DF) 11:28:47.917000 management.257 module-2.32889: P 1:5(4) ack 5 win 65531 (DF) 11:28:47.917014 module-2.32889 management.257: P 5:9(4) ack 5 win 5840 (DF) 11:28:48.071400 management.257 module-2.32889: . ack 9 win 65527 (DF) 11:28:48.071420 module-2.32889 management.257: P 9:69(60) ack 5 win 5840 (DF) 11:28:48.071966 management.257 module-2.32889: P 5:59(54) ack 69 win 65467 (DF) 11:28:48.105407 module-2.32889 management.257: . ack 59 win 5840 (DF) 11:28:48.105668 management.257 module-2.32889: P 59:72(13) ack 69 win 65467 (DF) 11:28:48.105685 module-2.32889 management.257: . ack 72 win 5840 (DF) 11:28:48.106663 module-2.32889 management.257: F 69:69(0) ack 72 win 5840 (DF) 11:28:48.106878 management.257 module-2.32889: . ack 70 win 65467 (DF) 11:28:48.107070 management.257 module-2.32889: F 72:72(0) ack 70 win 65467 (DF) 11:28:48.107087 module-2.32889 management.257: . ack
Re: [FW-1] NGX Upgrade issue
Thanks for your comments. I forgot to mention that I had already done the upgrade of all the NG licenses to NGX as recommended by the upgrade guide. When I did the license upgrade first time it went on fine and did the upgrade. When I run the NGX install and selected upgrade after the license upgrade is done, it core dumped at the point where license upgrade status is being checked. Thanks, Ramki Bhavin Gandhi wrote: U can try the upgrade seperately. Download the license from Usercenter attach the same using Checkpoint configuration. Regds, bG -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Ramki Security Sent: Wednesday, March 22, 2006 8:45 PM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] NGX Upgrade issue Hi, I am trying a smartcenter upgrade with no firewall. Running HFA17. Failing process is license_upgrade. I tried running the license_upgrade separately with same results (core dump). Thanks, Ramakrishnan Adam BE wrote: Hi Ramki, Is it an upgrade of SmartCenter or firewall? Which HFA does your R55 have (latest vesion is recommended) ? Which process fails with a core dump? I suggest you also get the stack from the core dump and post it here. Thanks, Adam. Ramki Security [EMAIL PROTECTED] wrote: Hi all, We were trying to upgrade from NG R55 to NGX. The upgrade is failing with segment fault (core dumped) on solaris 9 box. This happens when the license upgrade status is checked. When I run the license upgrade utility manually (separately) also this problem comes. Have any of you faced a smilar situation. Any ideas will be helpful. Thanks, Ramki = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = - Yahoo! Messenger with Voice. Make PC-to-Phone Calls to the US (and 30+ countries) for 2¢/min or less. = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail
Re: [FW-1] NGX Upgrade issue
Hi Adam, Thanks for the syntax. Infact I have been looking for the way to get the stack. Thanks again. I will get it and post it here. And about the step I followed: 1. Ran ngx install and checked the upgrade verifier. It exited after the completion. 2. Ran ngx install again, selected upgrade and did a license upgrade simulation. It successfully simulated and exited. 3. Ran ngx install again, selected upgrade and did a online license upgrade. It accessed usercenter and upgraded the license and gave a report. Then the program exited. 4. Ran ngx install again, selected upgrade and the license checking screen comes and it core dumps. Initially it was giving segmentation fault and now it give bus error. Hi Lino: I have valid software subscription and was able to successfully upgrade the licenses before bumping into this issue. Thanks, Ramki Adam BE wrote: Hi Ramki, 1. I suggest you get the stack from the core file and post it here. It might help in pinpointing what has caused the problem. The general syntax for getting the stack from a core file is: debugger path_to_executable corefile Examples: gdb `which license_upgrade` core.license_upgrade.1721(linux) dbx `which license_upgrade` core.license_upgrade.1721 (solaris) Once the debugger has finished loading type: where This should output the stack. 2. Could you be more specific as to the exact steps which caused the problem? If I recall correctly there are several ways you could perform license upgrade (online before software update, offline before software update etc')... which commands did you type and in which exact order that causes this problem to reproduce? Thanks, Adam. Ramki Security [EMAIL PROTECTED] wrote: Thanks for your comments. I forgot to mention that I had already done the upgrade of all the NG licenses to NGX as recommended by the upgrade guide. When I did the license upgrade first time it went on fine and did the upgrade. When I run the NGX install and selected upgrade after the license upgrade is done, it core dumped at the point where license upgrade status is being checked. Thanks, Ramki Bhavin Gandhi wrote: U can try the upgrade seperately. Download the license from Usercenter attach the same using Checkpoint configuration. Regds, bG -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Ramki Security Sent: Wednesday, March 22, 2006 8:45 PM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] NGX Upgrade issue Hi, I am trying a smartcenter upgrade with no firewall. Running HFA17. Failing process is license_upgrade. I tried running the license_upgrade separately with same results (core dump). Thanks, Ramakrishnan Adam BE wrote: Hi Ramki, Is it an upgrade of SmartCenter or firewall? Which HFA does your R55 have (latest vesion is recommended) ? Which process fails with a core dump? I suggest you also get the stack from the core dump and post it here. Thanks, Adam. Ramki Security wrote: Hi all, We were trying to upgrade from NG R55 to NGX. The upgrade is failing with segment fault (core dumped) on solaris 9 box. This happens when the license upgrade status is checked. When I run the license upgrade utility manually (separately) also this problem comes. Have any of you faced a smilar situation. Any ideas will be helpful. Thanks, Ramki = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = - Yahoo! Messenger with Voice. Make PC-to-Phone Calls to the US (and 30+ countries) for 2�/min or less. = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see
[FW-1] site-to-site with ezVPN
Hi all, We have a requirement to make site-to-site VPN between checkpoint and Cisoc ezVPN. Is this possible. Have any one tried this? Thanks in advance, Ramki = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] VPN acceleration card is disabled and wants to turn it on duringboot up.
Al, Did you tried giving vpn accel on at command line. Did it start the accelerator? If starting, you can put this command in startup as Adam has suggested. Regards, Ramki Adam BE wrote: Hi, A simple solution would be to add the command to a startup script such as /etc/rc.local. I think there should be a command which automatically enables / disables it during boot but I can't recall (need to review all the available documentation)... Adam. Alexander Simbun [EMAIL PROTECTED] wrote: Yes, I did. Even though the automatic firewall module starts up during boot is set but it still doesn't starts up the VPN accelerator. If still not working, I guess I have to reinstall back the driver. Thanks, Al Ramki Security wrote: Did you checked cpconfig? Ramki Alexander Simbun wrote: Hi, I just noticed that our firewall's VPN's accelerator card is turn off. I can enable it by using a command line but I wonder how to set it to be automatically activate during boot up or during firewall restarts? Thanks. Regards, Al = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = - Yahoo! Messenger with Voice. Make PC-to-Phone Calls to the US (and 30+ countries) for 2¢/min or less. = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] Technical specification of Firewall-1 GX
It all depends on which hardware platform you want to choose. Fw1-gx is a software. Hardware requirement will be based on your requirement of performance and features. Regards, Ramki Sanisca, Dewa wrote: Hi All I make a document for my office project, and I need information about technical specification about Firewall-1 GX (power consumption, widht, height, etc) ? Maybe some one have the soft document or information ? Thank you all! BR Sanisca = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] NGX Upgrade issue
Hi Adam, I am copying the output of the debugger below. I am not sure if the debugger ran properly as I seem some error like message, no debugging symbols found. I have copied the whole capture here. Let me know if you could decipher any information from this. Thanks for your help. # gdb /cdrom/solaris2/license_upgrade /var/core/core_license_upgrade_0_0_44554 GNU gdb 6.0 Copyright 2003 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type show copying to see the conditions. There is absolutely no warranty for GDB. Type show warranty for details. This GDB was configured as sparc-sun-solaris2.9... (no debugging symbols found)... Core was generated by `./license_upgrade'. Program terminated with signal 10, Bus error. Reading symbols from /usr/lib/libthread.so.1...(no debugging symbols found)... done. Loaded symbols for /usr/lib/libthread.so.1 Reading symbols from /usr/lib/librt.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/lib/librt.so.1 Reading symbols from /usr/lib/libresolv.so.2...(no debugging symbols found)... done. Loaded symbols for /usr/lib/libresolv.so.2 Reading symbols from /usr/lib/libsocket.so.1...(no debugging symbols found)... done. Loaded symbols for /usr/lib/libsocket.so.1 Reading symbols from /usr/lib/libnsl.so.1...(no debugging symbols found)... done. Loaded symbols for /usr/lib/libnsl.so.1 Reading symbols from /usr/lib/libdl.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libdl.so.1 Reading symbols from /usr/lib/libintl.so.1... warning: Lowest section in /usr/lib/libintl.so.1 is .hash at 0074 (no debugging symbols found)... done. Loaded symbols for /usr/lib/libintl.so.1 Reading symbols from /usr/lib/libm.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libm.so.1 ---Type return to continue, or q return to quit--- Reading symbols from /usr/lib/libc.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libc.so.1 Reading symbols from /usr/lib/libw.so.1... warning: Lowest section in /usr/lib/libw.so.1 is .hash at 0074 (no debugging symbols found)...done. Loaded symbols for /usr/lib/libw.so.1 Reading symbols from /usr/lib/libkstat.so.1...(no debugging symbols found)... done. Loaded symbols for /usr/lib/libkstat.so.1 Reading symbols from /usr/lib/libkvm.so.1...(no debugging symbols found)... done. Loaded symbols for /usr/lib/libkvm.so.1 Reading symbols from /usr/lib/libelf.so.1...(no debugging symbols found)... done. Loaded symbols for /usr/lib/libelf.so.1 Reading symbols from /usr/lib/libCrun.so.1...(no debugging symbols found)... done. Loaded symbols for /usr/lib/libCrun.so.1 Reading symbols from /usr/lib/libaio.so.1...(no debugging symbols found)... done. Loaded symbols for /usr/lib/libaio.so.1 Reading symbols from /usr/lib/libmd5.so.1...(no debugging symbols found)... done. Loaded symbols for /usr/lib/libmd5.so.1 Reading symbols from /usr/lib/libmp.so.2...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libmp.so.2 Reading symbols from /usr/platform/SUNW,Sun-Fire-480R/lib/libc_psr.so.1... (no debugging symbols found)...done. Loaded symbols for /usr/platform/SUNW,Sun-Fire-480R/lib/libc_psr.so.1 #0 0x000cfd5c in do_test () (gdb) where #0 0x000cfd5c in do_test () #1 0x63656e7b in ?? () Cannot access memory at address 0x74204ca5 (gdb) Thanks, Ramakrishnan Adam BE wrote: Hi Ramki, 1. I suggest you get the stack from the core file and post it here. It might help in pinpointing what has caused the problem. The general syntax for getting the stack from a core file is: debugger path_to_executable corefile Examples: gdb `which license_upgrade` core.license_upgrade.1721(linux) dbx `which license_upgrade` core.license_upgrade.1721 (solaris) Once the debugger has finished loading type: where This should output the stack. 2. Could you be more specific as to the exact steps which caused the problem? If I recall correctly there are several ways you could perform license upgrade (online before software update, offline before software update etc')... which commands did you type and in which exact order that causes this problem to reproduce? Thanks, Adam. Ramki Security [EMAIL PROTECTED] wrote: Thanks for your comments. I forgot to mention that I had already done the upgrade of all the NG licenses to NGX as recommended by the upgrade guide. When I did the license upgrade first time it went on fine and did the upgrade. When I run the NGX install and selected upgrade after the license upgrade is done, it core dumped at the point where license upgrade status is being checked. Thanks, Ramki Bhavin Gandhi wrote: U can try the upgrade seperately. Download the license from Usercenter attach the same using Checkpoint configuration. Regds, bG -Original Message- From: Mailing
Re: [FW-1] Backup of Solaris
By far the best way I have seen and also the check point recommended way is to use upgrade_export to export the firewall configuration if you are using NGAI R55 or later. Ramki Hal Dorsman wrote: Yes, this is good advice. By far ufsdump is the best way to clone your entire disk from one machine to another. However, I suppose it is just another strategy, but I feel that is you are going to have a backup hardware system, you might as well go ahead and build it exactly like your primary, and you don't need an external disk or mess with ufsdump and altering your vfstab. I simply installed my secondary OS exactly like my primary, and when my firewall and interface stuff was set up (including OS hardening), I tarred up /etc and firewall conf directory, ftp'ed it over to my secondary, and reboot secondary. Voila' ! Identical secondary backup since Solaris gets everything out of /etc, including your hardening in RC start files. I keep my secondary running, and periodically retar my /etc and fwconf, and copy over to secondary. Then Downtime=time to move your network cables. hope this helps. best regards, Hal -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, March 27, 2006 10:39 PM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] Backup of Solaris Hi, the easiest way is to connect an external Disk to the Sytsme and make an ufsdump (with cron) of all partions. With a little script (sed) you have to modify the vfstab and set an bootblock on the disk. If your system crashes you can boot the external disk from an other machine (same Hardware). Downtime = Boottime. If you need a script mail me. Regards Reiner -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Bhavin Gandhi Sent: Tuesday, March 28, 2006 5:50 AM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] Backup of Solaris Hi Hal, Thanks for pointing that how can the same be restored in case if server crashes. Thanks, bG -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] Behalf Of Hal Dorsman Sent: Monday, March 27, 2006 9:40 PM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] Backup of Solaris As others have mentioned upgrade_export will back up FW config, but it will not get your Solaris OS settings which are numerous. All exist in /etc so what I do is cd to /etc, 'tar -cvf fwbackupdate.tar *', then move tar file to $FWDIR/conf, then tar contents of FWDIR, then ftp tar file off to cold standby backup server. This way you will have a tar file that contains everything you need that you can easily move to backup server or to tape. You can put these steps in a script and run it with cron periodically. hope this helps Hal -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Bhavin Gandhi Sent: Monday, March 27, 2006 2:13 AM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: [FW-1] Backup of Solaris Gurus, We have R55 Mgmt server fw module installed on Solaris. Need help in taking backup of the configuration. Thanks, bG The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL
Re: [FW-1] Can Cisco Content Switching works with firewall cluster (Check Point+ RainWall) ?
Hi, Check Point has a license called Connect Control which will accomplish the same load balancing on HTTP as well as other protocols. Not sure about Rainwall. Thanks, Ramki Alexander Simbun wrote: Hi, Well... we going to use Content Switch to load balance the web, ftp email servers. Can Rainwall do the same thing without do it using Content Switch? Al billford wrote: Are you using the Content Switch to load balance web servers or are you replacing Rainwall with the Content switch? The latter is a bad idea, the former should work fine. I think a few more details about what you're trying to accomplish with these two solutions would help in answering your questions. Bill Alexander Simbun wrote: Dear Honorable Experts, I have a question about Cisco Content Switching and firewall cluster (Check Point + RainWall) which made me wonders if these can work each others. We currently in progress to set up Content Switching between two location (which shares same private and public VLANs). At the same time, we running a firewall cluster which covers three enforcement servers (two at location A and one at location B). For load-balancing/H.A solution we used RainWall in the firewall cluster. FYI, there are one public VLAN, two private VLANs (behind the firewalls) and one synchronization network for three enforcements to synchronize each others. So, my questions are a) Do Cisco Content Switch works with firewall cluster (Check Point + RainWall) ? As I understand Content Switch and RainWall is a similar load-balance/H.A. solutions except both running on different platform (hardware and software based). b) If it works, any documents or resources out there which helps us to set up this? c) If it doesn't works due to similar natures of these products (Content Switching RainWall), which is the best way to solve this? Thanks for your reply and enlightenment about this matter. Regards, Al = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] Solaris module with splat smartcentre ?
It doesn't matter which OS you are running the management on. You can always push policy on any VPN-1 module (sun, ipso, splat, windows, linux etc).Ramki Mark Pace Balzan wrote: Hi All, I currently have a splat smartcentre mgmt NGX Express, which is managing a couple of standalone NGX vpn-1 modules, also on splat. All works ok. The Question: Is it possible to also manage - ie push the policy, user database etc... another standalone express vpn module running on sun solaris (instead of splat) from the splat express smartcentre mgmt server ? Thanks Mark = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] ipassignment.conf
Also note that you cannot give an IP which is part of your encryption domain. You should use a totally different subnet (different from your officemode pool) for the ipassignment.conf to work. Regards, Ramki Lino Eduardo Avila Rodríguez wrote: I have configured office mode and It works ok, the I edited the ipassignment.conf file with one user to test it but It doesn't asign me the ipaddress I want. I have installed the policy but the same problem. What I wrote in the file is: GatewayType IP Address User Name = = == = * addr10.36.1.9,dns=(10.90.1.174) INKEPR Am I correct? -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of sin Sent: Martes, 18 de Abril de 2006 01:41 p.m. To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] ipassignment.conf Lino Eduardo Avila Rodríguez wrote: I have tried installing the policy and nothing happens. The I read somewhere you have to restart de cp services, but I don't know if it's going to work. why just not try and see if it works or not ? = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] Cannot Get Topology on new SC setup
Try enabling IKE over TCP and other enhanced settings in SC. It may help in case you use a NAT device at the SC endRamki Sean Donaghey/HDGH wrote: All of a sudden on a new clean install I cannot get the topology to download. I am using Username and password authentication, and it just tries for a long time, and then errors out with a 'Timeout Error'. In the logs, I see an inbound FW1_top, and ISAKMP request from the SC computer, and they are both accepted. This problem is not affecting VPN users that already have a site defined, just the ones that needs to add the site. What can I check to find out what is going on? Thanks, Sean The information contained in this e-mail message is confidential and protected by law. The information is intended only for the person or organization addressed in this e-mail. If you share or copy the information you may be breaking the law. If you have received this e-mail by mistake, please notify the sender of the e-mail by the telephone number listed on this e-mail. Please destroy the original; do not e-mail back the information or keep the original. = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] hotfix question
Yes. HFA-03 is the latest hotfix for R60. Regards, Ramki Clive Luk wrote: Hi all, One more silly question. http://www.checkpoint.com/downloads/latest/hfa/vpn1pro_express.html#r60 is this the latest hotfix for NGX60? Thanks! Cheers, Clive = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] export configuration
Hi Clive, Are you planning to use ClusterXL for clustering? About cluster, you cannot setup cluster and management on the same box. You need to have a separate management and two other boxes to setup cluster. Once you have this infrastructure, you can follow these steps. 1. Use the upgrade_export from NGX R60 cd to do an upgrade_export. Run unixinstallscript from the NGX CD and select export configuration. 2. Store the exported file in a directory and transfer this to the NGX R60 box. 3. Do an upgrade_import onto the NGX R60 box. You can also do a fresh install and select advanced upgrade using the exported configuration. 4. Follow the cluster configuration guidelines to configure the smart dashboard objects for the cluster. Install policy on the cluster. You will need a common IP, sync network etc. Regards, Clive Luk wrote: Dear FW-1 list members, Hope someone can help me here. Let me explain my situation. I am currently running single NGX55 on Solaris 8 and SmartCenter on a different box (Solaris 9). I have been assigned to a project to setup a cluster(load balance/fail-over) firewall. I have just setup a test box on a Solaris 9 box running both NGX60 and Smartcenter(just to playing around). I am wondering if I can export the old configurations + policy from my old NGX55 to the new NGX60? Thanks in advance! Cheers, Clive = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] R61 for VPN1/Pro Express
Hi Reinhard, Can you explain what is the change in edge management in R61. Thanks, Ramki Reinhard Stich wrote: hi, yes - edge-mgmt is enhanced in R61, I guess checkpoint is waiting for nokia to test and release the ipso-version. then R61 will be released. should be within the next 1-2 weeks as I see it. cheers reinhard At 18:09 03.05.2006, you wrote: Has anyone heard a firm date on when R61 will be released? I know that some people have been able to get it from their firewall vendors etc. I had thought it was to be out a few weeks back. I'm interested in the new Edge management functionality that is supposed to be included with this release. Jeremy Lieb CCSE-NG CCSE+NG Firewall Administrator Open Text Corporation 100 Tri-State Int'l Pkwy Third Floor Lincolnshire, IL 60069 18472679330 ext 4395 = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = -- Ramki CCNA, CCSE-NGAI = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] CheckPoint on RHEL4
I would suggest using SecurePlatform instead. Checkpoint supports it and you have less integration issues. SPLAT is modified/hardened Redhat linux. Ramki CCNA, CCSE-NGAI Eric Janz wrote: Hi all, somebody knows if Checkpoint will support RHEL4 in the near future? Thanks in advance for your comments, Regards, Eric Janz Departamento de Sistemas Grupo Barceló Viajes C\ 16 de Julio, 75 07009 Polígono Son Castelló Palma de Mallorca - Baleares Tel.: +34 971 448030 Fax.: +34 971 436986 = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] Load Balancing for SPLAT
You can try checkpoints native ClusterXL. I am not sure what is the feature wise difference between the two products. Ramki CCNA, CCSE-NGAI Joe Pope wrote: We just received notice that the RainWall/RainConnect we are using is being discontinued by EMC. We use this to cluster our two SPLAT gateways. Anyone have any recommendations for a replacement? Thanks! Joe = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] Installing SPLAT on Dell PowerEdge 2850 (UNCLASSIFIED)
I had done the same install on R60 HFA3 on the same hardware but without the additional harddisks you have. It went through fine. May be you want to put only one HDD in its default configuration and try installing again to see it that helps. Ramki CCNA, CCSE-NGAI Dearing, Jimmy (EDS Contractor) wrote: Classification: UNCLASSIFIED Caveats: NONE Ive been attempting to install SPLAT on a Dell PowerEdge 2850 Server that has dual 3.8ghz processors with 2mb L2 Cache, 12gb RAM, Dual Embedded Intel Gigabit1 82541 Server Adapter, PERC 4e/Di controller. It has six 15,000rpm 146gb hard drives that are setup as follows: On Channel 0 of the PERC controller there are two disks, setup in a RAID 1 (mirror) On Channel 1 of the PERC controller there are 4 disks, setup in a RAID 5. The SPLAT install says all hardware is compatible and it goes into the install. Once it begins formatting the /opt partition, it seems to hang. I_ve tried it three different times and it has currently been setting at the formatting /opt screen for 24 hours. Ive tried this on two different identical 2850_s with both giving the same results. Am I missing something here? Can anyone see something wrong with my hardware setup? Classification: UNCLASSIFIED Caveats: NONE = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] mac address
Checkpoint being an IP firewall, doesn't work on MAC address. Hence I don't think there is a way to do this. By the way, why you want to do this? Ramki CCNA, CCSE-NGAI Roberto González Sagredo wrote: Hi, I would like to know if it is possible to create objects in Firewall-1 VPN Pro based on its MAC address instead of its IP number. Regards ___ Roberto González Sagredo Director de Sistemas mailto:[EMAIL PROTECTED] ComuNET S.A. Gral. Concha 39,6º 48012 Bilbao España Tel: +34 944 700 101 Fax: +34 944 700 185 http://www.comunet.es ___ Este correo electrónico contiene información privada que puede estar legalmente protegida, parcial o totalmente. Es sólo para uso del destinatario al que está dirigido. Si ha recibido este mensaje por error, le rogamos que lo notifique al remitente del email y que además borre de su sistema el mensaje así como todas sus copias, incluyendo las posibles copias del mismo en su disco duro, y se abstenga de usar, revelar, distribuir a terceros, imprimir o copiar ninguna de las partes de este mensaje. Los datos personales que pueda contener el presente mensaje, ya sea en su contenido o en los destinatarios, cumplen con lo establecido en la Ley Orgánica 15/1999, de 13 de diciembre, de Protección Datos de Carácter Personal. This e-mail contains proprietary information some or all of which may be legally protected. It is for sole use of the intended recipient only. If you have received this message by mistake, you are requested to notify the e-mail sender and erase both the message and any copies from your system, including hard disk copies. You are further requested to refrain from using, distributing to third parties, printing or making copies of any parts of this message. The personal data that may appear in this e-mail message are in accordance with the Organic Law 15/1999 of 13 December on the Protection of Personal Data. = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
[FW-1] Sun bge interface issue
Hi, Have you had any issues with sun bge interface on NGAI R55. I know it doesn't work with performance pack (securexl). But other wise we are seeing lot of interface up/downs on the log and seems to be causing some sync issues. But no visible impact. Any one has experienced any issues with this. Thanks in advance. -- Ramki CCNA, CCSE-NGAI = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] Migrate IPSO SmartCenter to a Windows Platform
Study the upgrade guide of Checkpoints. It has step by step method of migrating smartcenter. In a nutshell use upgrade_export and upgrade_import to migrate checkpoint configuration and policies. Migrate the network/routing configuration seperately. By the way, why would you migrate from IPSO to Windows? Splat may be a better choice. Ramki CCNA, CCSE-NGAI Neil Kemp wrote: Hi there, I have a customer who needs to migrate from an IPSO platform running both SmartCenter and Enforcement, to running the SnartCenter on Windows and having the enforcement purley on Windows - does anyone know how to accomplish this ? (R60) Thanks. = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] Sun bge interface issue
Thanks Trevor, This seems to be a logical reason in our case even though we don't use VLAN. But the symptoms seems to be same. May be there are still some issues with ClusterXL and BGE. We are upgrading to NGX shortly. Will see if that makes any difference. Ramki CCNA, CCSE Trevor Lee wrote: Hi Ramki, I don't know if you are running vlans on your BGE interfaces, but had a lot of issues when running NGAI R55 on Solaris 9 with vlans and BGE interfaces. This is what we got told from our local Checkpoint techs: Just to confirm that we do not support the Broadcom BGE interfaces with VLAN's when running ClusterXL (R55). Our official recommendation is to use the CE GigaSwift card, however a bug has been found in the Sun driver (reference page 71, section 29 of the R55 release notes) that can cause a Solaris Panic under certain load scenarios. We still support this configuration, however if it is found the issue you are having is a result of this bug our hands are tied. Symptoms Unable to activate a BGE interface with VLAN support in a ClusterXL configuration. cphaprob -a if command displays down, when vlans on the BGE interfaces are configured. Environment The native BGE configuration with ClusterXL is working as should be. The status displays up when using a cphaprob -a if command. Solution Check Point recommends using Sun Microsystems CE GigaSwift interface card for ClusterXL configurations with VLANs. The BGE interface card is supported, but not in a ClusterXL configuration with VLANs We ended up switching to a gigaswitft card and the messages went away, and the machines seemed more stable. Regards, Trevor Lee -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Ramki Security Sent: Tuesday, 6 June 2006 8:53 AM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: [FW-1] Sun bge interface issue Hi, Have you had any issues with sun bge interface on NGAI R55. I know it doesn't work with performance pack (securexl). But other wise we are seeing lot of interface up/downs on the log and seems to be causing some sync issues. But no visible impact. Any one has experienced any issues with this. Thanks in advance. = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] upgrading from R55 to NGX
We performed the upgrade from R55-HFA16 to NGX R60 HFA3 few weeks ago and its doing fine. Our enforcements are still on R55-HFA16. Ramki CCNA, CCSE-NGAI Brummer, Steven wrote: Shiroma, I just recently performed the same upgrade that you're speaking of with no ill effects. I upgraded my R55 HFA17 smartcenter server to NGX and was able to push policy to the gateways and lost no VPN connections. I saw where many of the connections dropped, but they reconnected with no issues. I ran into some issues with my Nokia enforcement points however with trying to perform the zero-downtime upgrade. It's been a little while since I did the upgrade to remember the specifics, but the biggest thing that I remember was that I lost the VRRP interfaces which basically gave me two standalone gateways instead of a two-node clustered gateway. This caused all the Internet traffic to stop. I had to reconfigure everything, but I won't recommed to you that it was a problem with the upgrade. It very well could have been an operator problem since this was the first time I had performed a upgrade to a Nokia platform on my own. Hope this helps, Steve -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Shiroma Dassanayake Sent: Wednesday, June 07, 2006 2:53 AM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: [FW-1] upgrading from R55 to NGX Dear all I currently have a distributed env. My smartcenter server is running R55 HFA 14 and my gateway is running R55 HFA09. I am going to upgrade to NGX R60. However, this is what I got from the R61 release notes under clarifications and limitations: VPN 1. After upgrading a pre-NGX SmartCenter Server to NGX, existing VPN connections will be dropped the first time policy is installed if the enforcement modules are not also upgraded to NGX. New connections will succeed as expected. For connections with static source-destination ports (for example, GRE connections), reinitialize them by running cpstop/cpstart on the module. My upgrade path will be as follows: Upgrade Smartcenter server first Upgrade gateway/module The timeframe between the smartcenter upgrade and the gateway upgrade could be anywhere from between a week to a month. In this scenario: does this mean that once the smartcenter server has been upgraded to NGX and the gateway is still at R55, my existing VPN client connections and site-site VPNs will cease to function? Has anyone encountered such a problem during an R55 to NGX upgrade? Any ideas would be greatly appreciated. Thanks and regards Shiroma __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] How to find NAT logs in NG AI R55?
Use smartview tracker. All NAT traffic are logged normally. You may have to enable certain field to see the Xlated source/destination in the log. Ramki CCNA, CCSE-NGAI saravanakumar wrote: Hi, Will CheckPoint log tracker help? regards, kumar Eva Wang wrote: Hi there, do you know how to find NAT logs either via SmartDashboard or fw monitor or other commands? great thanks. br, eva = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] ISP Redundancy on Windows
We are running NGX on Solaris 9. I believe ISP Redundancy is not supported here either. Is there any suggestion on how to implement it in such cases. Ramki CCNA, CCSE-NGAI Roberto Lauriola wrote: Hi list, Reading NGX R60 documentation ISP Redundancy on Windows is not possible and not supported. Do you know a method or work-around to have that working? Thank-you. Bye. = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] NGX Hotfix Confusion !
1. The release note may have been modified in June 2006. 3. Smartconsole HFA numbers are different from product HFAs and can be followed independently. Hence going by what you have mentioned, the VOIP hotfix may be the latest. Ramki CCNA, CCSE Mark Pace Balzan wrote: Hello All, Im currently running splat NGX R60 with HFA 03 - but ive got some problems, so I dug a bit deeper and found some stuff related to HFA and Hotfixes which is very confusing, so I hope someone out there can help. i. HFA 03 is listed as released in April, and the pdf of the release notes when I downloaded it also carries a date of April, but the latest release notes say 'Take 25' and carry a date of June 2006, so is there a more recent HFA03 that should be used ? ii. There is also a VoIP Hotfix for NGX. It states it should be installed on top of HFA 02, but its not clear if it is included as part of HFA03, or if it should be installed together with HFA 03 ? iii. Smartconsole: Both HFA02 and the VoIP Hotfix come with a Smartconsole Hotfix with different version and build numbers. No Smartconsole with HFA03 however. So which is to be used ?Looks like the VoIP Hotfix one has a higher release number. Thanks in advance to all for shedding some light on this. I'll be pleased to summarise all answers. Cheers Mark = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] Nokia IP350 License problem
You have got a NGX license here which is in your license database. The error is because you have R55 loaded. Check this license and remove it if not intended to be there. Ramki CCNA, CCSE-NGAI Jean-Christophe Valiere wrote: Hello, I'm trying to add the license for a new firewall (Nokia IP350) using SmartUpdate (R55 Build 62). Nokia Firewall Software Version is: Software Release: 4.1-BUILD016 and Software Version: releng 1515 05.19.2006-052320. I got the following eroor when adding the new license: * Warning: Can't find ::cpxp-sc1-50-mgmt-ngx in cp.macro. License version might be not compatible * Failed to install license Do you know where the problem is ? Thanks in advance. = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] Solaris 9 BGE card and NGX60
Hi Clive, NG R55 is known to have some compatibility issues with BGE interface, but NGX R60 is suppose to have resolved those issue. I have installed NGX R60 with HFA3 on V240 server and it works fine. Try adding the line bge accept in the file /etc/fw.boot/ifdev if it is not already there. Ramki CCNA, CCSE-NGAI Clive Luk wrote: Dear List, I am trying to do a new installation on my newly bought two SUN FIRE V240. Actually I want to setup as a cluster. However, When I installed NGX60 to a freshly built box, it seems that CP doesn't recognise the bge card. Does anyone has the same problem? Is there anyway I can solve it. Thanks in advance! Cheers, Clive = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] Firewall slowdown?
May be there is some attack going in your network. I had seen such behavior earlier. Ramki CCNA, CCSE-NGAI Mike Smith wrote: The Checkpoint NGX R60 HFA02 system I support recently exhusted all of the Concurrent Connections (the checkpoint log eas showing dropped connections). I increased the value of Maximum concurrent Connections on the Capacity Optimization property screen of the cluster object definition. The Calculate connection hash table size and memory pool option is set to Automatic. There has been a very hard to explain slowdown during the afternoon. I have satisfied myself that the performance problem is within the Firewall. Memory/processor utilization is less than 25% of the machine. Are there any options, related to the concurrent connections value, which should be adjusted or reviewed? = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] Solaris 9 BGE card and NGX60
Yes. My setup is active/standby cluster (not loadsharing) in new mode. There is no VLAN involved. Both cluster members are V240 servers on Solaris 9. Using broadcast mode instead of multicast. Ramki CCNA, CCSE-NGAI Clive Luk wrote: Hi Ramki, Thanks for your reply. I have done some research on the net and SecureKnowledge. It seems it will not work with Cluster and VLAN. Because I have got two V240 wanted to setup a Cluster. Just a question have you got your V240 working with Cluster? Cheers, Clive -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Ramki Security Sent: Thursday, 13 July 2006 12:15 PM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] Solaris 9 BGE card and NGX60 Hi Clive, NG R55 is known to have some compatibility issues with BGE interface, but NGX R60 is suppose to have resolved those issue. I have installed NGX R60 with HFA3 on V240 server and it works fine. Try adding the line bge accept in the file /etc/fw.boot/ifdev if it is not already there. Ramki CCNA, CCSE-NGAI Clive Luk wrote: Dear List, I am trying to do a new installation on my newly bought two SUN FIRE V240. Actually I want to setup as a cluster. However, When I installed NGX60 to a freshly built box, it seems that CP doesn't recognise the bge card. Does anyone has the same problem? Is there anyway I can solve it. Thanks in advance! Cheers, Clive = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] Bad Anti-Spoof Recovery
Try giving fwm unloadlocal on the module and then push policy from the smartdashboard after modifying the anti-spoofing parameters. Ramki CCNA, CCSE-NGAI Crist Clark wrote: I have an enforcement module that appears to have a bad policy installed. That is, it feels that traffic coming in from the management server is spoofed. So how does one install a corrected policy on this system? Obviously, you cannot push a policy, but sometimes traffic originating from the firewall itself gets through the anti-spoofing, so I thought a, # fw fetch master Might work, but I no. So then I tried, # fw ctl uninstall To kill the anti-spoofing, but the fetches would still fail. What is a procedure to reaquire a module that has incorrectly decided the management server is spoofing? = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] Solaris 9 BGE card and NGX60
Hi Clive, Broadcast/Multicast: This differentiates how the cluster members communicate with each other. Multicast would required special configuration in some switches connecting the cluster members and hence may create issues. Broadcast would eliminate this issue. Ramki CCNA, CCSE-NGAI Clive Luk wrote: Thanks for you quick reply Ramki, I am new to checkpoint. Do you think you can give me some direction on setting up my v240 as a HA cluster? Actually I have a few questions want to ask. What is the different between broadcast mode and multicast mode? Does that require an extra license to setup HA/LS cluster? Do you use cross over cable to sync. the state? Cheers, Clive -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Ramki Security Sent: Thursday, 13 July 2006 1:26 PM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] Solaris 9 BGE card and NGX60 Yes. My setup is active/standby cluster (not loadsharing) in new mode. There is no VLAN involved. Both cluster members are V240 servers on Solaris 9. Using broadcast mode instead of multicast. Ramki CCNA, CCSE-NGAI Clive Luk wrote: Hi Ramki, Thanks for your reply. I have done some research on the net and SecureKnowledge. It seems it will not work with Cluster and VLAN. Because I have got two V240 wanted to setup a Cluster. Just a question have you got your V240 working with Cluster? Cheers, Clive -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Ramki Security Sent: Thursday, 13 July 2006 12:15 PM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] Solaris 9 BGE card and NGX60 Hi Clive, NG R55 is known to have some compatibility issues with BGE interface, but NGX R60 is suppose to have resolved those issue. I have installed NGX R60 with HFA3 on V240 server and it works fine. Try adding the line bge accept in the file /etc/fw.boot/ifdev if it is not already there. Ramki CCNA, CCSE-NGAI Clive Luk wrote: Dear List, I am trying to do a new installation on my newly bought two SUN FIRE V240. Actually I want to setup as a cluster. However, When I installed NGX60 to a freshly built box, it seems that CP doesn't recognise the bge card. Does anyone has the same problem? Is there anyway I can solve it. Thanks in advance! Cheers, Clive = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services
Re: [FW-1] Upgrade from NGX R60 to NGX R61
First upgrade the management station. Before that take an upgrade_export of your current configuration. Once the management station is upgraded, then upgrade the modules. Refer the checkpoint upgrade guide for detailed instructions. I have heard that NGX R61 is older than NGX R60 with HFA03. The NGX license is same for R60 and R61. No license upgrade required. Ramki CCNA, CCSE-NGAI Thiago Formagi - TECLógica wrote: Hello guys, I'm have a SPLAT NGX R60 issue and I need to upgrade it for NGX R61. Which are the procedures that I have to perform after of install the NGX R61? I would like to know when I do this upgrade procedure, my lincenses will be upgrade too? Thank you, = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =
Re: [FW-1] SmartView Monitor error in NGX R61
SView Monitor is a thick client. Does it use IE? Then did you try it on another PC and confirm it is not client specific? Ramki CCNA, CCSE-NGAI Mark Elsen wrote: NGX - R61 -- S-View monitor can't display full node status ; following error is reported. Internet Explorer Script Error - An error has occurred on the script in this page. Line : 47 Char : 2 Error : Object doesn't support this property or method Code : 0 Anyone else seen this and or, got it solved ? M. = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] = = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =