[FW-1] **odd logging issues on IPSO FW-1 NGAI**

2004-08-23 Thread Lockwood, Robert (R.)
Hi Group. Has anyone ever encountered problems with Nokia IPSO/FW-1 NGAI, where the CheckPoint logs store both locally (on the enforcement modules) and on a remote FW-1 logging server? We are seeing the local $FWDIR/log/fw.log growing rapidly and impacting on the Nokia system performance

Re: [FW-1] **odd logging issues on IPSO FW-1 NGAI**

2004-08-23 Thread Zeltser, Roman
We are having the logging problem issue with NG-AI hf5.5 for about 2 months that has not been resolved, yet. Even though we have found the problem with DNS resolution between the firewall and the management server and fixed it, the problem still exists. The Check Point's developer is working on

[FW-1] cronjob problem on secureplatform

2004-08-23 Thread Shiazad Ahmed
Hi David, I have a problem with a cronjob that does the log export and ftp from a secure platform box. When run manually it works fine but when in a cron job it does not run correctly. The script will run but it just skips the fwm logswitch command. The script is below. I am a real newbie on this

Re: [FW-1] cronjob problem on secureplatform

2004-08-23 Thread Tom Brown
make sure fwm is in the PATH of the user that is running the script or put the PATH into the script Hi David, I have a problem with a cronjob that does the log export and ftp from a secure platform box. When run manually it works fine but when in a cron job it does not run correctly. The

Re: [FW-1] **odd logging issues on IPSO FW-1 NGAI**

2004-08-23 Thread Lockwood, Robert (R.)
Hi Kevin, Thanks! The system is distributed - the NGAI management server runs on its own host system. The firewall is sourcing its clock from NTP - from the same source as the NG server and log server. The log server is recording all of the logs, so I don't think that this is a sync issue.

Re: [FW-1] Checkpoint Management SIC to remote firewall problem

2004-08-23 Thread Diotte, Shannon S.
So you see the SIC traffic exit the siteA firewall? Are the src and dst IPs correct? Is spoofing causing any problems on siteA firewall or siteB firewall? -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of David Walker Sent: Monday,

Re: [FW-1] Checkpoint Management SIC to remote firewall problem

2004-08-23 Thread David Walker
The management server is on a different network. I can ping the remote firewall from the management server and the remote firewall can ping the management server, so routing looks ok. I can sit on the firewall and watch the icmp request and replies come in and out. I have manually NAT in place

Re: [FW-1] 802.1q with ClusterXL

2004-08-23 Thread wmelo
Verify in the configurations of Switch if exists the entrance of virtual IPs that they were created for Cluster. ex: Switch 6500 = arp ip virtual fw-int mac-adress virtual ARPA You find references in Site of CheckPoint I hope to have helped you Cassio David Pereira wrote: Hi... We are trying to

Re: [FW-1] cronjob problem on secureplatform

2004-08-23 Thread Tom Brown
what do the cron logs show you? I have added the path in the script as below but the result is the same. Any other thoughts? /opt/CPfw1-50-04/bin/fwm logexport -i 2004-08-15_235900.log -o 2004-08-15_235900.txt Thanks -Original Message- From: Mailing list for discussion of

[FW-1] AW: [FW-1] cronjob problem on secureplatform

2004-08-23 Thread Tobias Lachmann
Use /bin/bash instead of the Check Point shell. Also make sure that $FWDIR is defined and exported. Regards, Tobias -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Shiazad Ahmed Sent: Monday, 23 August 2004 16:12

Re: [FW-1] cronjob problem on secureplatform

2004-08-23 Thread Shiazad Ahmed
I have added the path in the script as below but the result is the same. Any other thoughts? /opt/CPfw1-50-04/bin/fwm logexport -i 2004-08-15_235900.log -o 2004-08-15_235900.txt Thanks -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] Behalf Of

[FW-1] Secure remote 'pool' issue

2004-08-23 Thread Tom Brown
Hi We run R55 on Linux at 2 locations, one was an upgrade from FP3 and the other is a clean install. When we use secure remote we assign IP's from a pool specifically for secure remote users. I'm finding that the users are 'seen' to be coming from their real nat'd IP on the fresh R55

Re: [FW-1] Checkpoint on Fujitsu hardware (solaris)

2004-08-23 Thread Stephen Hepner
We have run a couple NG FP3 SmartCenters in the past and now have Provider-1 AI R55 on Fujitsu with no problems. The biggest problem I've seen is that you have to run the Fujitsu approved Solaris (and patches) which adds some complexity to the system support. stephen rbhan [EMAIL PROTECTED]

Re: [FW-1] Cisco Client passing thru Checkpoint gateway using hide NAT

2004-08-23 Thread Tumarinson, Max
Try using TCP encapsulation in Cisco Concentrator; you might get better results than using UDP port 1000 -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Previtera, Sal Sent: Monday, August 23, 2004 2:16 PM To: [EMAIL PROTECTED]

Re: [FW-1] Secure remote 'pool' issue

2004-08-23 Thread Ray
I don't know if it's available in SecuRemote, but R55 has a feature named ipassignment.conf which is a file where you can set a user ID and the IP address they always will get. Kind of a DHCP reservation thing. I do know it works in SecureClient and Office Mode. Ray From: Tom Brown [EMAIL

[FW-1] Need Help on SMTP Security Gateway

2004-08-23 Thread Shi, Alec - Axon AKL
Hello, We have a Checkpoint firewall NG FP2 running on a Nokia IP300 appliance. The SMTP security gateway is configured to receive inbound mail and relay it to the internal mail server. Recently, we've got quite a few complaints from various domains that they can't send email to us. The

[FW-1] SPLAT on Proliant ML330

2004-08-23 Thread Justin Menga
Hi I have a customer who purchased their own Proliant ML330 with dual ATA and is trying to install SPLAT. According to http://www.checkpoint.com/products/supported_platforms/hp_ml330.html, the onboard dual ATA is supported, as long as you don't try and run RAID. The customer only has a