On Wed, Jul 07, 2004 at 01:53:41PM -0400, Leon Rosenstein wrote:
I have a management server on a windows 2000 machine. I would like to
migrate this over to a new machine with a new ip address and a new host
name (running windows 2003). Does anyone have any documents, links or
suggestions on
You can do this using the fw1rules.pl script.
http://www.wyae.de/software/fw1rules/fw1rules-7.3.39.tar.gz
http://www.wyae.de/software/fw1rules/
NF
-Original Message-
From: Joe Mathai [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 07, 2004 11:58 PM
To: [EMAIL PROTECTED]
Subject:
On Fri, May 21, 2004 at 08:35:22AM -0400, Stewart Williams wrote:
I looked at my packet sniff of the external in front of the Edge and
everything looks good. I just sent that stuff to CheckPoint, so
hopefully they can tell me something. I'm going to keep looking.
I'll let you know if I find
Hi, everybody!
Our company uses Checkpoint product: CPFW-FIG-25-NG (Feature pack 2). Now we
want to configure the firewall to allow SIP, but RTP ports are dynamic ports. We
know that, in order to fix the dynamic RTP port, we need a SIP aware firewall.
Could you tell me about SIP aware firewall and firewall
I use the upgrade_export utility from every Checkpoint NG CD, so you get a
tar file. This procedure is very nice for weekly/daily backup.
I create an image of it using DriveImage Pro every couple of weeks or so
for
disaster recovery.
Ray
From: Juan Andrés Galavís [EMAIL PROTECTED]
Hi All ,
Does anybody have a procedure for the setup of HA on 2 secureplatform machines and a
procedure for the setup of clusterxl.
Tks
I would order an Upgrade Pack. It should be included on the CD.
Huiqi
Guys and Gals,
I am trying to setup a VPN between a cisco router and checkpoint NGAI and I
cannot get it to work correctly, I get the message:
Encrypt Fail Reason: cannot identify peer for encrypted connection(VPN error
code 2)
Any help would be greatly appreciated on setting this up...
I'm replacing my IP330 with an IP350. I'm trying to use Backup / Restore from
voyager to restore the Checkpoint configuration:
1) Backup of IP330
2) Install IPSO and Checkpoint on IP350
3) Restore backup on IP 350
This does not work - so what am I missing?!? Do I need to run 'cpconfig'
on the new
We've just upgraded from 4.1 to NG AI (R55) HFA_04. Management and
Firewall are on separate Solaris boxes.
Previously I'm fairly certain we were able to modify User Accounts (for
VPN) and just (re-)install the user database. Now it seems like we have
to (re-)install/push the policy as well.
Has
ftp the package to your server instead of tftp and patch from there.
or patch using the SmartUpdate GUI
[EMAIL PROTECTED] 07/07/04 03:27PM
I am running a distributed install with Windows R55 SmartCenter and Splat. I
want to upgrade my Splat to R55W, I just downloaded the
splatform_upg_R55w.tgz
Hi Alan,
There was just a discussion on this a few days ago. It seems that starting
with FP3, Check Point removed that option by default, no longer listing the
gateways. They have a KB article that gives a dbedit change you can make to
restore this functionality.
However there seems to be a
Nokia does recommend that you run a cpconfig before doing a restore.
But I'm not sure that's your problem. Are you sure you can restore an
IP330 image onto an IP350? Generally you would only want to restore
to an identical platform.
Shane
On Thu, 8 Jul 2004 13:03:30 +0200, Christian Koefoed
Hi All,
Have a DL360 running SPLAT and the system fans are belting along at full
whack and are not slowing down. You know when you first boot any DL
range server in Windows that it revs the fans to full and then drops it
down once the system is booting... This isn't happening with SPLAT.
Any
Hello Gurus,
Has anyone implemented SPLAT with out of band management in some way,
shape, or form?
Thank You,
Christopher Hoff
Security Engineer
CCSA, CCSE+, CCSI, NMPA, F5CP
Cornerstone Solutions, Inc
I spoke to someone at Nokia about the backup and restore function recently,
they said NOT to use it to restore Checkpoint. Use the upgrade_export util
to save your Checkpoint config. Backup your IPSO config only using the
backup/restore function. You should be OK restoring the older IPSO config to
I forgot to ask - is this an enforcement point only or is it a
management/enforcement combined?
-Original Message-
From: Mark Pays (GTA-LON)
Sent: 08 July 2004 15:56
To: 'Mailing list for discussion of Firewall-1'
Subject: RE: [FW-1] Backup/restore on IPSO
I spoke to someone at Nokia
Interface names on 330 and 350 are probably different so your restore
operation might require additional manual labour on interfaces and vrrp- if
exists. Check existing interface status after restore operation. (by the way
if you are restoring a gateway do not bother restoring CP config at
When you do the Export/Import, keep the old IP and name the same. Then
AFTER the import, you can change the IP and name. If you change IP and
name of the box, the Import won't work correctly.
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On
Are you using the same version of IPSO and CheckPoint to restore?
I think the better way to restore the CheckPoint configuration is the
upgrade_export and import.
Rgds,
Javier Díaz Evans
Project Engineer
Etek International - Colombia
ISO 9001 certified
Tel: +57-( 1)-257-1520
Fax:
A couple of thoughts
I'd recommend something like a Raritan box, which has a dial-in
interface. You could do the same with Avocent, etc... But I don't think
they have dial-in. You could always connect to a secure Dial-in box with
a modem? None of these are cheap though.
Attach a serial cable
1) Upgrade the ip330 to have the same ipso version as the ip350
2) backup
3) restore on the new ipso.
Regards
Christian Koefoed wrote:
I'm replacing my IP330 with an IP350. I'm trying to use Backup / Restore from
voyager to restore the Checkpoint configuration:
1) Backup of IP330
2) Install IPSO
Our SPLAT is on a Dell Poweredge box, but I know that if I unplug one of the
two power supplies that all the system fans kick up to high gear and make a
tremendous amount of noise. In the event this is a dual power supply
machine are both power supplies plugged in and operating normally?
Hi wizards
Due to hardware failure on our box the system crashed and
it looks like the Checkpoint seed is corrupted. When we
start the system (with the new hardware) up, we get the
following errors:
cprid started...
rand_add_seedfile: Failed to read seed from registry.: Not owner
Hi,
The machine that is going to house the management server is in a
separate domain (and physical network) so unfortunately this would be
impossible.
I appreciate the attempt. Anyone else? Surely I am not the first
person to try this.
Thanks,
Leon
-Original Message-
From: Mailing
Hi Rob,
I think you'd need the HP linux drivers and agents to get thermal monitoring
and fan control working. You might be able to hack the install script to
make it believe it's Redhat 7.3, but I really wouldn't recommend it as I
doubt HP or Checkpoint would support it.
My advice? Don't sit
[LOG_CRIT] kernel: FW-1: fwconn_chain_get_something: fwconn_chain_lookup
failed (5)
Any one ever see this?
I was just browsing around the logs on the Nokia and I see this pop up every
now and then in the logs. Well, it is only every three days so not too
important just curious as to what it is.
Yeah, I thought that might be an issue, but the time matches up with the
rest of the devices. Just doesn't make sense.
Thanks for responding!
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Robert
Plaenk
Sent: Thursday, July 08,
Check to make sure that the time on the Edge box matches up with the
time on the other server. If it's out by too much, it will have problems
with the tunnel as well. I ran into this issue myself.
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED]
As mentioned below, the box isn't the same (but only the cpu is
different).
Why do you need to get the config back from the old module, as the whole
stuff is on the management ??
(or perhaps your nokia is management + enforcement).
You can upgrade to the last ipso 3.7 before reinstalling the
I downloaded it from the cp website when I did the upgrade (it was part
of FP3 second edition) but it doesn't appear to be there any longer.
ian
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: 08 July 2004
There is a patch available from HP regarding the fan slowdown on boot of a
DL360.
I have 8 DL360's running RedHat 7.3 (web servers), and had to patch each of
them to get the fan speed down post boot.
Post patch, the fan speed will slowdown once a script in rc3.d is started
during the boot process.
Don't know about the DayOfMonth part.
To stop backing up the logs:
In /var/CPbackup/schemes
Edit fw1.cpbak and remove the /var/opt/CPfw1-R55/log/* from the
INCLUDE_FILES section
Next time you upgrade, this file will be overwritten however.
Dave Crowfoot
[EMAIL PROTECTED] Thursday, July
I'm not familiar with SPLAT but I know that there was a patch for fan speed
under Windows in the HP Management Agents.
Simon
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Rutherford,
Robert
Sent: Friday, 9 July 2004 4:34 a.m.
Yeah, there's a Nokia KB article on it that says it's benign and ignore it.
It was supposed to be fixed in a later version of IPSO. I don't see it any
more on 3.7.1 build 10.
Ray
From: Tom Stala [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL
This message can be ignored. The message appears when the fw receives an
ICMP time to exceed message. Nokia states that there is no known impact of
this error and can be safely ignored. The message is to be suppressed in
later releases of the CKPT.
Dan
-Original Message-
From: Tom Stala
Hi, all
I have a client that runs StoneBeat FullCluster for NG AI R55 environment, right
now they are considering implementing FloodGate on the cluster to control
the bandwidth usage. Has anyone successfully implemented this? Any pros and
cons? Thanks in advance.
Ryan
I was speaking to a SE from Check Point last night. He did mention that
there is a new version of VPN-1 Edge X OS that fixes VPN issues between an
Edge device and a VPN-1 firewall module. It is available for download from
the Check Point site, a valid software subscription is required to get the
38 matches