[FW-1] Edge X appliance error - IKE: Main Mode Missing IKE configuration for peer (authentication or encryption or hash)

2004-07-13 Thread Owen Hargreaves
Hi guys, I am getting the following error when trying to get my vpn-1 edge appliance to work under site to site mode. Does anybody know where I have gone wrong? Number:47053 Date: 13Jul2004 Time: 15:35:36 Product:

[FW-1] IPv6 Problem

2004-07-13 Thread Paulo Vieira
Hi gurus! :) I am a Network admin of one of the largest campus networks in Portugal and have deployed IPv6 throughout the network. Now we are migrating our firewall to new equipment and would like to know how to activate IPv6 on my NGAI Box. I'm using central licenses and normally use the

[FW-1] Advice on Using State Sync/Load Bal and geographically separate multihomed data centres

2004-07-13 Thread Josh Fry
Hello, I would be very grateful if anybody has some pointers on whether Checkpoint state sync/load balancing will work over a gigabit link between 2 data centres with a portion of that link as a dedicated 100meg slice for the state sync info. We are looking at setting up a multihomed ISP

[FW-1] VoIP with 3 zones: gatekeeper, gateway and soft phones

2004-07-13 Thread Raphael Benedet
Hi, We are trying to configure VoIP on a SPLAT/NG-AI (R54) with three network interfaces and this topology: - A Gatekeeper in a first network A connected to the first fw nic - A Gateway in a second network B connected to the second fw nic - Soft phones in a third network C connected to the third

[FW-1] BACKUPS

2004-07-13 Thread Garner, Annette K **BETH
Can someone explain what is the best practice for backups and restores (if needed) on NG AI R55 SPLAT - Differences with Snapshot, Backup/Restore, Import_export tools? Thanks = To set vacation, Out-Of-Office, or away messages, send an email to

Re: [FW-1] Splat R55 not updating router arp table

2004-07-13 Thread Sheffield
Utsav - Thanks for your reply. Since the router configuration works with my FP3 firewall, I assumed it would work with a splat R55 firewall without making any router configuration changes. When I connect the NG FP3 (Windows 2000) firewall to the router, ARP happens on both devices almost

Re: [FW-1] MAC Address Blocking

2004-07-13 Thread Edwin Davidson
What are you using to maintain the user names, are you authenticating against AD? Surfcontrol can use AD (Mixed mode), NT Domain, NDS, and Netbios discovery. There is an EUM (service) that gets installed onto each primary/backup/AD. We are using the AD in mixed mode. Netbios discovery is turned

Re: [FW-1] MAC Address Blocking

2004-07-13 Thread Rutherford, Robert
We use ISA as just a caching proxy and that will authenticate against the AD. I'm pretty positive that SQUID will also authenticate against AD and comes in Linux and Windows flavours these days... Wingate is also a good cheap proxy with AD integration. I would imagine that the NetAppliance will 2

Re: [FW-1] Splat R55 not updating router arp table

2004-07-13 Thread Rutherford, Robert
I know that previous versions of SPLAT don't proxy arp automatically. I think I used the fix listed here... http://www.fixmyfirewall.com/fw1/fw-1.0065.html BR Rob -Original Message- From: Sheffield [mailto:[EMAIL PROTECTED] Sent: 13 July 2004 12:41 To: [EMAIL PROTECTED] Subject: Re:

Re: [FW-1] Secure Remote for OS X

2004-07-13 Thread Alaric Turner
Try free/openswan I think it works with Mac OS X or I found this: http://www.equinux.com/us/products/vpntracker/whatis.html -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Tom Brown Sent: 12 July 2004 21:06 To: [EMAIL

[FW-1] NOKIA IPSO 3.8

2004-07-13 Thread Tom Stala
I am looking for the PowerPoint that was done on version 3.8 which shows the better memory and throughput abilities of the new version, call Nokia and they can't find it. Thanks for the help. Tom

[FW-1] Double NATing, Securemote

2004-07-13 Thread Alaric Turner
All, A (hopefully) simple question, We have a number of internal networks all using 192.168.x.x I have a number of securemote users who end up in hotels using wifi to access the net, many of these hotels also use the 192.168.1.x range for wifi then NAT. I need to get connectivity back to our

Re: [FW-1] Secure Remote for OS X

2004-07-13 Thread Layne Meier
SecureClient for Mac OS X (Panther) 10.3.x is in Beta test. You can try to subscribe as a beta tester at http://www.checkpoint.com/eap Best Regards, Layne Meier Atlanta Journal-Constitution A Cox Newspaper On Jul 13, 2004, at 10:43 AM, Alaric Turner wrote: Try free/openswan I think it works with

Re: [FW-1] Secure Remote for OS X

2004-07-13 Thread Owen, Daniel
One of my end users has been using VPN Tracker with success for about 2 years. The setup is simple and Equinux has good documentation for Checkpoint. -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Alaric Turner Sent: Tuesday, July

Re: [FW-1] Double NATing, Securemote

2004-07-13 Thread Brian Granier
Use office mode. According to my Checkpoint rep, it is permissible to install SecureClient to use office mode without having a SecureClient license. You just don't get to have a policy server and push down rules. This will solve the issue that you're facing. T. Brian Granier GCIA, GCFW, GCIH,

Re: [FW-1] Edge X appliance error - IKE: Main Mode Missing IKE configuration for peer (authentication or encryption or hash)

2004-07-13 Thread Matt Arntsen
Owen, Check to see if the settings are such: Create a rule on the firewall like this: corp_network/edge device -- edge device/corp network -- allowed protos -- encrypt My encrypt rules from above show: 3DES-SHA1-Group2 The interoperable device is set up like this: 3DES-MD5-Group 2 This

Re: [FW-1] Secure Remote for OS X

2004-07-13 Thread Chris Hoff
I have seen beta versions of SecureClient for Mac machines (although I currently cannot remember where). You may want to talk to your local Check Point SE about this. Regards, Chris -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of

Re: [FW-1] Hangups with Sysprep using SecureClient

2004-07-13 Thread Chris Hoff
I have noticed running SecureClient R55 HF2 seems to help. I have never seen as long of a pause (mine are usually 3-5 minutes at the most), but upgrading to HF2 took it down to around 30 seconds - 1 minute of extra boot time. Regards, Chris -Original Message- From: Mailing list for

Re: [FW-1] Double NATing, Securemote

2004-07-13 Thread Ray
I'll bet they fix this in the next release. SecuRemote used to work with Office Mode and then that ability was taken away. Their KB articles say SecureClient is required for Office Mode and that piece of software requires a paid-for license. Ray From: Brian Granier [EMAIL PROTECTED] Reply-To:

[FW-1] VPN to a cisco from version 4.1

2004-07-13 Thread Dustin Donahue
We have the checkpoint version 4.1 and are trying to get a Cisco VPN connection to work through the firewall. I've tried both static and Dynamic IP on the client side without luck. Has anyone gotten the Cisco VPN working through the FW version 4.1? Cheers, Dustin Donahue Cowlitz Bank [EMAIL

Re: [FW-1] Advice on Using State Sync/Load Bal and geographically separate multihomed data centres

2004-07-13 Thread Utsav Ratti
State sync is only effective if state information is replicated to the secondary box before potential traffic is received on that box. It doesn't matter whether you dedicate 100M of your gig link or the entire gig link; your problem will be latency, not bandwidth. Josh Fry wrote: Hello, I would be

Re: [FW-1] Splat R55 not updating router arp table

2004-07-13 Thread Utsav Ratti
Mark, The router will ARP for the IP address of the firewall only when it needs to route something to it. It is possible that the Windows box is doing something that triggers this while the SPLAT box does not. That is why I suggested routing some traffic from the firewall (or behind it) through

Re: [FW-1] Double NATing, Securemote

2004-07-13 Thread Alaric Turner
Having spoken with my Checkpoint rep an additional licence is required for SecureClient :-( I have to admit to not quite understanding how office mode would work anyway, we are already using an IP pool on the Checkpoint firewall which works, as long as the NATed client address does not appear to be

[FW-1] SecureServer Exchange?

2004-07-13 Thread Jeremy Morrill
Has anyone ever setup SecureServer on a Microsoft Exchange server? Does this not sound like a good idea for an Exchange server that is in a high risk environment? Feedback from anyone who's running SecureServer would be great! -JRM

Re: [FW-1] Double NATing, Securemote

2004-07-13 Thread Brian Granier
IP Pools sometimes give you problems if the address range they are connecting from is in your encryption domain. T. Brian Granier GCIA, GCFW, GCIH, GCUX, CCSE, CHP, MCSE (NT4,W2kW2k3), et al. Information Security Architect Zebec Data Systems, Inc. -Original Message- From: Mailing list

Re: [FW-1] SecureRemote/SecureClient to Edge Device

2004-07-13 Thread Jean-Paul Baillon
Yes, remote access to an edge box is fine. SecureClient works but only R55 will connect if you don't have a certificate on the edge box - R56 SecureClient requires this to work. Set up the vpn users in the edge device and give them vpn access and check the unrestricted access box to disable nat.