-Original Message-
From: Shane Presley [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 29, 2004 5:40 PM
To: [EMAIL PROTECTED]
Subject: [FW-1] Monitoring Throughput (Kbps of an interface)
I've been wondering two questions relating to throughput
-How much traffic (in Kbps) is my
You have enabled logging on the encrypt rules I take it?
As somebody else said.. Is it a star or mesh?
It could also be routing, check that.
-Original Message-
From: Alan Cupernall [mailto:[EMAIL PROTECTED]
Sent: 29 June 2004 15:15
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] problem with
If you are just after monitoring throughput on the interfaces then this is a generic
MIB contained within MRTG.
There is a util called cfgmaker that comes with MRTG, this will create the .cfg file
for you.
Within your mrtg directory there should be /doc this has the basics for cfgmaker in
it.
This is related to my previous email about monitoring a FW-1 system
for throughput. Thanks for the comments. I've made some progress
getting SmartView Monitor to do what I need!
If I want to setup MRTG as well, does anyone have any hints or
references? I have MRTG setup and running, monitoring
In the NG AI R55 we have an issue with installing user database on remote
modules. In the SmartDashboard we go under policy- install database, we
only see the smart center as possibility. We do not see our remote modules,
although we can load complete policies on the remote systems.
The
here we go (copy / paste from the release-notes):
Resolved Issues in HFA_R55_06
Resolved issues for the current HFA.
TABLE 0-1 Resolved Issues: R55_06
R55_06 Description Installed On
R55_06-1 SmartCenter - Logging:
The following error message is displayed in SmartView Tracker:
some log entries
This sounds like the packets that are headed for the Edge domain are
getting translated before being encapsulated by the VPN. You may want to
add a NAT rule that states if going to the VPN domain of the Edge
device, leave the packet original. I think I had to do this in order to
take care of the
sk15270 fixed it for us as well. Just a small change to objects_5_0.C
Shane
On Wed, 30 Jun 2004 12:09:49 -0500, Chris Hoff
[EMAIL PROTECTED] wrote:
According to Knowledgebase article sk15270, this functionality was taken
out of FP3 and above because of security considerations. Like Ray, I am
it's funny that CP Support did not mention this when I opened a support
call on this very same issue.
[EMAIL PROTECTED] 6/30/2004 1:09:49 PM
According to Knowledgebase article sk15270, this functionality was taken
out of FP3 and above because of security considerations. Like Ray, I am
reluctant
In order to manage an Edge box from an R55 SmartCenter Server, you have to
manually execute a batch file named smsstart.bat nominally found in
C:\WINNT\FW1\R55\bin. Once this is done, the Edge X box can connect to the
SmartCenter server and be managed by it.
Unfortunately, as soon as you logoff
sk18666 has a change you may need to make. I'm reluctant to post its details
because it's not in the public SecureKnowledge database. The article
references FP3. We upgraded from FP3 directly to R55 and still had to make
this change. After making it, it works as advertised.
Ray
From: Christian
Hi, all
We currently run CheckPoint R55 on Solaris 9 with StoneBeat FullCluster load
balancing. We are thinking to add FloodGate-1 to our environment so we can
do bandwidth control. Has anyone implemented this? I called StoneBeat and I
was told that StoneBeat does not interact with FloodGate.
We are having the same issue. Checkpoint support was unable to answer my
question. My mgmt station is NG AI R55 and my remote modules are still NG
FP2. CP support said that is the reason. Not sure if I believe that or
not.
[EMAIL PROTECTED] 6/30/2004 10:56:38 AM
In the NG AI R55 we have an
Gees, that's an article with pretty ugly ramifications! severe problems
and unable to load rulebase??
Thanks for pointing it out, Chris. Hopefully Check Point will yank one or
the other article. I guess I better go undo that previous article.
Ray
From: Chris Hoff [EMAIL PROTECTED]
Reply-To:
Are these in production yet? If not, ask your Check Point SE to see if they
can get you a copy of the latest beta firmware. Another resource is the
discussion forums at www.sofaware.com
Ray
From: Stala [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To:
Hello Lists,
I stuck once again in Firewall configuration; I am able to connect GUI to
Firewall Box. Now I want create hide NAT for my internal clients to access
internet. I am able to browser internet from firewall BOX. I install
checkpoint on win2k BOX.
But in Checkpoint Smart Tracker, I can see
Hi Shane,
I had a whole lot of trouble getting MRTG to talk to the non-standard
SNMP port (260/udp). Instead, I created a few very simple perl scripts,
which use the Net::SNMP module to grab one or two stats at a time.
All you need to do is write a script that returns two integers (which
can both
Do you have a static route in the firewall that says to send packets bound
for the internal network to the next hop inbound router?
Ray
From: NAVTEJ KOHLI [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Problem in Hide
naw not even close to production yet.
I am still having the issue with the one way traffic, I don't remember any
translation rules that are affecting it but I will check tomorrow.
Thanks for the info...
- Original Message -
From: Ray [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent:
I'm not using LSM but rather a community. I disabled NAT in the community
and on the Edge box. I also set up the Edge box so its Service Center is
my SmartCenter server. Once I pushed the policy to the main gateway and the
Edge box, a policy which did not have any Edge-specific rules, it went
I have used the following format for the target line without issue.
Also, you need to make sure that your firewall is not dropping the
traffic for the port (Checkpoint is default UDP/260 I believe). The
target statement defaults to port UDP/161.
Target[tg_one]:
Both are now available from the Check Point download site. From a
presentation I saw on the SSL Extender, it looks pretty nice and is supposed
to be priced the same as a SecureClient license although it seems to lack
the client-side firewall. Oddly, neither the license agreement nor the
release
22 matches
Mail list logo
