To remove configuration jump on command line
Cd /config
Rm active
Cd db
Rm initial
Reboot
This will blow away any configuration and you will be greeted with the 'Hostname?'
prompt after boot
To blow away all file system and install IPSO from scratch
Enter command mode at boot
Type install
Hi All !
We are currently having 59 locations, with each
location being on a LAN. All the locations are
connected in a WAN. Only 100 users across the WAN are
having access to internt Mails and Internet Browsing
access. The number of PCs in the WAN across 59
locations is 900.
However, all the
I wouldn't advise blocking MAC addresses Also seems to be a bit of
admin nightmare.
Why not use an authentication method, i.e. User or Session auth?
Or put in an authenticating proxy and allow that access
-Original Message-
From: Covington, Chris [mailto:[EMAIL PROTECTED]
Sent: 11
Hi,
Please share your experiences with ISP redundancy feature ?
regards,
U.SivaKumar.
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
AFAIK... Checkpoint has changed the licensing so that you only need to
license for IP's which traverse the firewall, thus you would only 100
lics.
If you will be using VPN-1 to link all your offices then you would need
to obviously license for which ever IP's talk through the f/ws
interfaces.
Thanks a lot Rob.
That means, if I am having 100 users who access the
internet mail server, and transact mails to and fro
the domain, I need to take only 100 licenses.
My Firewall has published a NAT-ed IP Address of the
mail server so that the internal users can access it.
I hope that is not
Don't forget to count outbound mail servers, anti-virus servers clients
looking for updates, DNS servers, etc. as IP addreses crossing the
firewall. We've also seen backup software and other products looking for
automatic updates going out quite a bit. You may have far more than the 100
you
Perform a clean platform
- fist you will need a FTP server with IPSO image in your LAN
- reboot your IP
- select the bootmanager by press 0 in the boot options
- you will request to press any characters (i.e. press a)
- if you see BOOTMGR[0] you are in the boot manager
- execute install
- follow
Hi all, I have a problem with a couple of firewall in High Availability with
ClusterXL. I have two SunFire 280 with O.S. Solaris 8 and Firewall-1 NG R55
AI with ClusterXL configured in High Availability Legacy Mode. The cluster
has been ok for two months, but since two weeks ago problems have been
I believe it must be done on a cache itself. It does not matter where the
outbound traffic goes from the firewall's point of view.
Best regards,
Roman M. Zeltser,
@National Computer Center
DNE, RSIS
Information Security Index
*** Securing your retirement money from hackers.***
-Original
I am having a problem with drive mappings through the firewall NG AI R55.
I get the error CIFS message is too long but it states that it is the
firewall dropping the connection not SMart deffense.
I go into smart deffense and I turn off the part that checks for worms and
we are able to connect
.tgz
-Original Message-
From: Matt Jordan [mailto:[EMAIL PROTECTED]
Sent: 12 July 2004 15:19
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Splat patch attempt for R55W, TFTP issues..
But I don't want to USE smart update. The last paragraph says no cd's
and no smart update.
So my question
But I don't want to USE smart update. The last paragraph says no cd's and no
smart update.
So my question is, what file(s) should I place in my TFTP share to patch
my splat? Apparently the default 112MB download is way too big. Ive unzipped
it but can't seem to find which file. Should it be a
I know you have to enable (change to true) the enable_propfind_method property to get
Outlook Web access working, have you tried this yet?
Its under Global Properties, SmartDashboard Customization, Advanced Configuration, Web
Security.
Rick Centner
Global Security Engineer
-Original
This is assuming you get the Express Version of licensing...
Chris
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of
Subhasis Gupta
Sent: Monday, July 12, 2004 6:15 AM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Checkpoint Licensing
This is in my /var/log/messages file:
Jul 12 10:12:45 no-fw1 kernel: create_mspi: ERROR: free MSPI pool is not
allocat
ed yet
Jul 12 10:12:45 no-fw1 kernel: create_new_MSA: ERROR: failed to create mspi
Jul 12 10:12:45 no-fw1 kernel: vpnioctl_store_spi_in_table: ERROR: outbound
esp
spi error
Jul 12
Hi Nic,
We do it with a layer 4 switch (Nortel Ace Director) in front of the firewall to
redirect http requests to a pair of netcaches... we also have the IP spoofing feature
turned on so that the requests proxied by the netcaches appear to originate from the
actual users' workstations so the
Rutherford, Robert
Sent: Monday, July 12, 2004 3:13 AM
I wouldn't advise blocking MAC addresses Also seems to be a bit of
admin nightmare.
Why not use an authentication method, i.e. User or Session auth?
Or put in an authenticating proxy and allow that access
I have to agree here. We use
objects.C
asm_cifs_max_buffer is default 4000
was suggested to me to place at 6000
the size is in bytes.
- Original Message -
From: Tom Stala [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 12, 2004 9:39 AM
Subject: [FW-1] CIFS message is too long
I am having a problem with
I am attempting to move a splat R55 (intel) box from our test lab into
production to replace a windows 2000 FP3 box. In the past the normal
procedure has been to clear the arp cache on the router and boot the
firewall. Very shortly after booting the FP3 box, the router arp cache
contains a
Well, ok, would it be ok if you just used ftp to place the file on the SPLAT box then
apply it using patch add full_patch_path from a local directory?
You wouldn't be using SmartUpdate or a cd or anything...
As far as TFTP goes, I'm probably not doing something right, but I can not get
anything
What are you using to maintain the user names, are you authenticating
against AD?
I wanted to avoid having to have everyone authenticate when only a few will
be blocked.
John
|-+
| | Edwin Davidson |
|
Hi All,
Does SecureRemote/Client connectivity to an edge device work the same as to
a Standard checkpoint firewall?
i.e. Do I just add the device to the RemoteAccess community, and configure
the policy on the mangement server, or do I need to setup the access in the
web console?
Regards,
Hi,
Can't frind any answer in the archives for this so... Does anyone have any
success connecting to a FW-1 firewall with some form of VPN client that runs
on OS X as i see that there is still no client available for this OS - We
have several prople requiring access that do not run windows.
This
finally got that fixed,
OWA is not working after Smart Defense was enabled
what I did, based on Checkpoint Knowldegebase, I chnaged enable_propfind_methode
from Fals to True
and installed policy, but did not fix the problem
then what checkpoint told me to do after I oppened a ticket with
All,
Has anyone else experienced a long pause (20 minutes or more) during pre-OS
utilities such as sysprep when the machine has been preloaded with
SecureClient? Our desktop images have SecureClient installed but do not
have any policies installed or anything when sysprep is ran.
I've google'd
Mark,
You haven't elucidated all the details, so I will assume that the router
has an interface in the same broadcast domain as that of the external
interface of the firewall.
The router will ARP for the IP address associated with that interface
the first time it tries to route traffic to it.
The
I will be out of the office starting 12/07/2004 and will not return until
14/07/2004.
Risponderò al messaggio al mio ritorno. Per comunicazioni urgenti
contattare Luca Paci tel 0039 0732 66.2521, grazie
Hi David,
We handle this issue by keeping SecureClient in a folder on the hard drive
and not installing it until the image is restored. This keeps us from having
to recreate an image just because SecureClient changed. Since last June,
we've had the R54 client, the R55 client, the R56 client and
I am a new to the world of SPLAT and would like to mount the CDROM in
order to install NIC drivers for the IBM blade that SPLAT is running on.
From within expert mode what is the command to mount the CD drive? Mount
-f cdrom /dev/cdrom /cdrom doesn't seem to work. It says /dev/cdrom is
not
These should do the trick:
File Systems
mount/mnt/floppymounts the floppy drive
umount/mnt/floppy unmounts the floppy drive
mount mnt/cdrom mounts the cdrom drive
umount/mnt/cdromunmounts the cdrom drive
Regards,
Andrew
-Original
31 matches
Mail list logo