[FW-1] IP40 to IP130 site-site vpn issues

2004-08-18 Thread Alfred Ng
Hi Everyone, Just wondering if anyone else might have encountered the same issue that I am experiencing with Checkpoint site-to-site VPN. I have two Nokia IP40 (Satellite 16 and Satellite 32) firewalls and one Nokia IP130 firewall which is acting as the central gateway. I am running Checkpoint

[FW-1] UNSUBSCRIBE fw-1-mailinglist

2004-08-18 Thread Bakin David
= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see

Re: [FW-1] vrrp - dedicated interface

2004-08-18 Thread Sascha Picchiantano
Thanks! Helped a great deal! Sascha | -Original Message- | From: Mailing list for discussion of Firewall-1 | [mailto:[EMAIL PROTECTED] On | Behalf Of Thorsten Behrens | Sent: Tuesday, August 17, 2004 6:15 PM | To: [EMAIL PROTECTED] | Subject: Re: [FW-1] vrrp - dedicated interface | |

Re: [FW-1] NAT Traversal and IPSec Pass Through

2004-08-18 Thread Mike Feetham
It is not possible to turn on IPSec passthrough on Checkpoint firewalls for hide NATs. If they did, the passthrough would only work for the first IP that used the passthrough (So CP tells me, anyway). This is why Checkpoint suggests using UDP encapsulation, which other posters have stated is not

Re: [FW-1] NAT Traversal and IPSec Pass Through

2004-08-18 Thread Ray
Yes, Visitor Mode encapsulates all of the IPSec traffic in a TCP port 443 SSL connection to fake out firewalls that only allow 80 443. It doesn't have anything to do with UDP encapsulation. Your response sounds like Nortel does have UDP encapsulation, so all you have to do is allow that UDP port

[FW-1] NG AI R55 / Fusion95 CIFS

2004-08-18 Thread Lars Schmidt-Petersen
We have just upgraded to FW1 NG AI R55 running on a Windows 2000 platform. A print session from a unix server with Fusion95 can't get the print to the clients. We have a rule: Server - client net - any - accept - log The log says accept, but the next line is an entry saying the packet is dropped.

Re: [FW-1] Inbound connections being NAT'd to firewall

2004-08-18 Thread Previtera, Sal
Turn Relay Off the SMTP server, use it only as incoming SMTP server. Outgoing SMTP traffic should be directed to the Checkpoint firewall, create an SMTP resource in the firewall configuration and appropriate firewall rules to forward the SMTP traffic out the Internet. You cannot hide the

[FW-1] Licensing Question - need help

2004-08-18 Thread Victor Firman
Hi, I need some help dealing with licenses. What licenses am I going to need if I want to deploy distributed deployment, with one mgmt server (win2k), two enforcement modules on Nokia ip530, with nokia ip cluster and checkpoint ClusterXL enabled? Thanks Victor.

Re: [FW-1] Remote extranet access over SecuRemote/SecureClient

2004-08-18 Thread Hal Dorsman
I was a little confused by your question so didn't answer at first, hoping someone else understood better. Since no one did, here goes my guess. This is a routing issue handled by the firewall. The firewall knows about the routing requirements for your extranet tunnel based on topology. You

Re: [FW-1] Licensing Question - need help

2004-08-18 Thread Joe Fox
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Victor, You would need: 2 Enforcement module licenses 1 SmartCenter license 1 ClusterXL license There are different options for the SmartCenter license, you will want to check with your distributor to see which one fits your organization best. HTH - --

[FW-1] ANY ISSUES WITH IPSO 3.8 and CheckPoint?

2004-08-18 Thread Tom Stala
We are looking at the IP2250 and one of my associates here stated that checkpoint and 3.8 are not getting along very well, I am wondering if anyone has any open issues that are being blamed on version 3.8. I am wanting to upgrade all of our gateways to version 3.8 with the next upgrade but if

Re: [FW-1] NAT Traversal and IPSec Pass Through

2004-08-18 Thread Kevin_Butters
Nortel does support NAT Traversal. It is proprietary to the product line (client/switch) and is not Integretable. In order to make Nortel's NAT Traversal work, enable it on the switch. You have the ability to assign the UDP port that you want the switch to use for the UDP encapsulation. The only

Re: [FW-1] SmartUpdate-Get Data Problem

2004-08-18 Thread Blair Nason
I ran into this problem before with FP3 on Nokia. The cause was related to applying NG hotfixes to the firewall module via SmartUpdate. In short, we had to re-install the firewall software and apply the hotfixes from the command line. Blair. -Original Message- From: Mailing list for

Re: [FW-1] NAT Traversal and IPSec Pass Through

2004-08-18 Thread Abdelkader, Amr
Even behind a linksys it shouldn't work for more than one Dist IP. On your FW you need UDP500 to be allowed whether you are using NAT-T or not for IKE. If you enable NAT-T you will need to choose a high UDP port to use for encapsulation, make sure that the port you chose is open in your

Re: [FW-1] Inbound connections being NAT'd to firewall

2004-08-18 Thread Hal Dorsman
I am confused as to why you would want to do this at the firewall. Relaying can be prevented and allowed for specific machines in your smtp server properties. Hal -Original Message- From: Brooks, George [Contractor] [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 18, 2004 9:28 AM To:

Re: [FW-1] SmartUpdate-Get Data Problem

2004-08-18 Thread Wayne Ho
What I learned from class is that SmartUpdate does not work with Nokia platform. Wayne --- Blair Nason [EMAIL PROTECTED] wrote: I ran into this problem before with FP3 on Nokia. The cause was related to applying NG hotfixes to the firewall module via SmartUpdate. In short, we had to

Re: [FW-1] Inbound connections being NAT'd to firewall

2004-08-18 Thread Brooks, George [Contractor]
I have working what I wanted to work, but I will try to explain. The Internet is 10.10.10.xxx The External IP address of my firewall is 192.168.100.30 which is also the MX record value The Internal IP address of my firewall is 192.168.200.29 My Internal SMTP server IP address is 192.168.1.230

Re: [FW-1] Remote extranet access over SecuRemote/SecureClient

2004-08-18 Thread David A Muscat
Thanks Hal. Your thoughts make complete sense and that's how I initially set up the connectivity but it didn't seem to work. Packets to the extranet destinations that SecureClient users need to get to would be accepted and decrypted at the gateway using Client Encrypt rules. However at that point

Re: [FW-1] NAT Traversal and IPSec Pass Through

2004-08-18 Thread Ayden Nash
Just a quick correction; AH and ESP are IP protocols, not TCP. So the security policy will need to allow IP protocol 50 for ESP. -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Abdelkader, Amr Sent: Thursday, August 19, 2004 5:33

Re: [FW-1] SmartUpdate-Get Data Problem

2004-08-18 Thread Jon Allingham
Define not work - I've used it multiple times to upgrade Nokias, both for the OS as well as the checkpoint software. Do you mean it is considered unreliable? Does Checkpoint not recommend it? -- Jon Allingham Leapstone Systems -Original Message- From: Wayne Ho [mailto:[EMAIL PROTECTED]

[FW-1] TCP out state message

2004-08-18 Thread Kingsley Chu
Hi All, We are using FP3 checkpoint firewall and we received the following error message in log viewer and the application cannot work. (This application is Oracle) 14:23:05 drop 146.222.76.1 qfe2 product: VPN-1 FireWall-1; src: 146.222.76. 51; s_port: 51278; dst: 146.222.8.66; service: