If you see successful key exchanges and traffic going out one firewall
encrypted and see it decrypt on the other side on SmartView Tracker
successfully then I can't really see what else you would really bother
to look for.
I typically just use the old - can I ping in each direction to validate.
I have had a quick check of a few mrtg configs here and it looks like you need to
lose the leading full stop on your target, to read:
Target[fwaccepts]:1.3.6.1.4.1.2620.1.1.4.0&1.3.6.1.4.1.2620.1.1.4.0:[EMAIL PROTECTED]:260
cheers,
Craig
-Original Message-
From: Mailing list
On the primary management server I get the error failed to connect if I
try to switch log files. Any ideas?
Regards,
Dirk Udo
Glad you got that fixed... I am having the same problem with traditional
VPN.
The log files show FW1_snmp from host A behind firewall #1 is
received/encrypted/sent, and the log shows that firewall #2
receives/accepts/decrypts FW1_snmp for internal NIC of firewall #2, but I
never get any reply. If
Hello,
I've been looking at the 'Database Revision Control' functionality in
SmartCenter. You can configure it to create a new version each time a
policy gets installed, only if the policy was changed. This will create
a file $FWDIR/conf/db_versions/repository/x/ckp_mgmt_version.tar.gz
This tar
My Primary management server (W2000 server) is not logging, the
secondary works fine.
If I run netstat on a module there is no entry of the pms on port 257.
Any help?
Regards,
Dirk Udo
Hi,
After applying the HFA04 patch the SMS process dies upon cpstart. Where can I find
log/debug information about why this happened?
Which binary is the smsprocess anyway?
anyone?
Kristen Thorsen
GSM + 47 99536503
[EMAIL PROTECTED]
Agreed, there's no better test than sending traffic. The more
detailed command line tools are really better for troubleshooting, not
for validating a connection is up.
Shane
On Wed, 7 Jul 2004 09:26:41 +0100, Rutherford, Robert
[EMAIL PROTECTED] wrote:
If you see successful key exchanges and
Thanks Craig, I tried that and still get the same result. It's almost
like it's getting bad data back. But when I do an SNMPGET of that
exact OID, I return a good number.
Would anyone be able to send me an entire mrtg.cfg file (with
IPs/names removed)? You could do it off list to
[EMAIL
Do I really have to think before I answer? ;)
this is what I do if I suspect VPN troubles
1. bring up VPN and look for successful authentication
and key exchange in the logs
2. ping by IP to test routing to internal network (look for
envelope opening and closing to indicate network traffic)
3.
Hi Ray,
| Do you have it set to rematch connections after a policy
| install? I push
| policy to R55 via SecureClient all the time and never get kicked off.
No, I set it to persistent connections. Still a no go...
Guess I have to open a ticket at CP... :)
Sascha
Unfortunately, Floodgate is not supported in R55W, which probably means I
won't be able to use it. Neither is UserAuthority. No Nokia packages yet.
What's up with that anyway? Is Checkpoint doing away with Floodgate? Is this
just some interim build that doesn't contain the bits for FG-1 and
I have a question regarding proxy ARPs and HA on SPLAT (R55):
We are planning on rebuilding a current cluster using SPLAT. The current
NAT table includes some manual NATs which, in turn, require static ARP
entries. With splat, I know we can manually add ARP entries through SSH.
The problem I
Hi
We have been trialling a Network Appliance Netcache box, and rather than
change all desktops to point to the proxy cache, I'd like to take the
'transparent' approach and redirect requests at the firewall. This way, I
can also define/control whose web browsing activities are being passed to
the
Hello list!
Any ideas/procedures in backing up a Management Module on a W2k server?
Which is the best approach?
Thank you.
Cheers/Saludos!
Juan Andrés Galavís
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
Hi Gurus:
I have a management console FW1 - FP3 in W2K and is installed in a small partition
(c:\FW1), so I'm having problems to store logs. I would like to know if there is a
solution (or a workaround) to rename the path in the FW1 to store the logs in another
partition disk (for example
In Solaris you can just create a link. So the firewall wants to log
to $FWDIR/log, you can just make that a symbolic link to another
directory. So the firewall still always logs to $FWDIR/log, but you
really have that going to another partition.
I assume something similar is possible in W2K?
Hello.
We're upgrading from NG FP3 to R55 on Secure Platform, and going through
the directions we were supplied, we're asked to upgrade the PATCH
utility.
This utility does NOT appear to be on the Check Point download center.
Does anyone on the list know how to obtain the upgraded version of
I have a management server on a windows 2000 machine. I would like to
migrate this over to a new machine with a new ip address and a new host
name (running windows 2003). Does anyone have any documents, links or
suggestions on how this could be accomplished?
Thanks,
Leon
Hi,
There should be a registry entry for Windows to change this:
HKEY_LOCAL_MACHINE\SOFTWARE\Checkpoint\FW1\5.0\
The value of FWLOGDIR must specify the full path that you wish to place the log files
and it must be a local drive e.g. D:\fwlogs
Use REGEDT32 to modify.
Note : Use
I am running a distributed install with Windows R55 SmartCenter and Splat. I
want to upgrade my Splat to R55W, I just downloaded the
splatform_upg_R55w.tgz (112MB) and renamed it splat.tgz for simplicity.
I was able to run BACKUP on the Splat and send the backup.tgz file to the
TFTP server so I
Mike Feetham wrote:
I have a question regarding proxy ARPs and HA on SPLAT (R55):
The problem I believe we will run into is that if we add the ARP entries to
both enforcement modules in the cluster, then the standby module will ARP
for IP addresses that should be controlled by the active module.
Utsav Ratti wrote:
Crist Clark wrote:
Utsav Ratti wrote:
Yinal Ozkan wrote:
As far as I know Secure Platform does not have a routing daemon. All it
supports is static routing. Check Point will probably integrate GateD
from
nexthop.com for the future splat releases.
Incorrect. zebra is (and has
Crist Clark wrote:
Utsav Ratti wrote:
Yinal Ozkan wrote:
As far as I know Secure Platform does not have a routing daemon. All it
supports is static routing. Check Point will probably integrate GateD
from
nexthop.com for the future splat releases.
Incorrect. zebra is (and has been for some time)
To redirect log files to another drive or path:
Windows NT/2000
1. Add to the registry a new string value of 'FWLOGDIR' under one of
the following registry locations:
FireWall-1 4.1:
HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\FW1\4.1
FireWall-1 NG:
I create an image of it using DriveImage Pro every couple of weeks or so for
disaster recovery.
Ray
From: Juan Andrés Galavís [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Backing Up FW-1 Management on w2k
Date: Wed,
The SMS process allows the Edge box to talk to the SmartCenter server.
There's a known bug where logging OFF of the Windows 2000 SmartCenter server
will kill the SMS process. If you lock the server instead of logging off,
the SMS process keeps running. If you need to restart it, you can execute
I would like to create a report of any unused objects in the rule
base. I know you can do a query on the Network Objects and then
refine by 'Unused Objects'. However, I would like to take that list
and put it into a spreadsheet or some type of report.
Thanks,
--
Joe Mathai
Crist Clark wrote:
Utsav Ratti wrote:
Crist Clark wrote:
Unfortunately, any interfaces with anti-spoofing enabled are not going
to deal very well with dynamic routing for obvious reasons.
It actually works very well,
Really? How have you set up your Topology for the firewalls? What
happens when
Utsav Ratti wrote:
Crist Clark wrote:
Utsav Ratti wrote:
Crist Clark wrote:
Unfortunately, any interfaces with anti-spoofing enabled are not going
to deal very well with dynamic routing for obvious reasons.
It actually works very well,
Really? How have you set up your Topology for the firewalls?
Hi,
We are running NG R55, and I was hoping someone can tell me if there is a way
to get a report out of SmartView Reporter showing failed login attempts for
VPN clients?
Using SmartView Tracker I can see the login failures and keep track of what's
happening, but there doesn't seem to be a nice
Crist Clark wrote:
Utsav Ratti wrote:
Crist Clark wrote:
Utsav Ratti wrote:
Crist Clark wrote:
Unfortunately, any interfaces with anti-spoofing enabled are not going
to deal very well with dynamic routing for obvious reasons.
It actually works very well,
Really? How have you set up your Topology
Hi,
I found out in Check Point website (under NG utilities), there is an add-on
utility, i.e. SNMP add-on for SecurePlatform NG with Application Intelligence
available for download. Is it possible to install it on Check Point FW-1 NG AI
(without SecurePlatform activated)? I'm using NG
On Thu, Jul 08, 2004 at 11:10:04AM +0800, Alexander Simbun wrote:
I found out in Check Point website (under NG utilities), there is
an add-on utility, i.e. SNMP add-on for SecurePlatform NG with
Application Intelligence available for download. Is it possible to
install it on Check Point FW-1