Hi ,
I'm curious, what is the default mode SPLAT HA is in broadcast or multicast?
Colin Choo
-Original Message-
From: Mailing list for discussion of Firewall-1 [mailto:FW-1-
[EMAIL PROTECTED] On Behalf Of Previtera, Sal
Sent: Friday, September 17, 2004 1:39 AM
To: [EMAIL PROTECTED]
Has anyone had any problems setting up site to site vpn's on the above
version of checkpoint, running on Windows 2000 Sp4??
I can't seem to get the VPN's working. It's a fresh build as I'm
upgrading from Checkpoint 4.1!
Regards
Dave Hornby
=
To
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello there,
Why should the packet come with an source address == firewall interface ?
I think it should read : Any -- 192.168.0.2 TCP/25 : Original --
Original Original
- --
Jean-Francois Gobin - Administrateur gobinjf.be
http://www.gobinjf.be
Hello all,
I have a little problem with my NAT rules and I just can't figure it
out.
My network looks like this :
Internet 10.10.1.10 --- 10.10.1.2 firewall 192.168.0.1 192.168.0.2
PROXY (dmz)
|
|
I seem to have lost the option to choose a policy server when setting up
a profile with this client. This causes an issue when the policy server
is not located on the VPN gateway. Has anyone experienced this same
problem? Thanks, Gary
=
To
I have done the following with no change it shows in the logs as going
up and down, but never any certain time when this happens:
Set it to broadcast both modules
Swapped out cables
Switched ports on switch
Switched ports on hub
Changed nic cards
Recycled both modules
Changed priority to
We're just built a management server running splat and R55 HF04 and it
seems our ssh and SmartDashboard sessions times out after after less than 2
minutes of inactivity (sometimes less).
This is a real pain as it locks us out of the SmartDashboard, because it
still thinks the previous session is
Ok, I'll try this.
I'm confused about this because I'm migrating from a whatchguard Firebox
III and the NAT rules that I applied on my checkpoint are the exact copy
of the one I had on the Firebox.
Thanks anyway!
-Original Message-
From: Jean-Francois Gobin [mailto:[EMAIL PROTECTED]
Multicast
Regards,
Torkel
-Original Message-
From: colin [mailto:[EMAIL PROTECTED]
Sent: 17. september 2004 08:07
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] FLAPPING CROSSOVER
Hi ,
I'm curious, what is the default mode SPLAT HA is in
broadcast or multicast?
Colin Choo
hi,
with the SPLAT-version I don't have problems but I have no experience with
fw1 modules on windows ...
cheers
reinhard
At 11:10 17.09.2004, you wrote:
Has anyone had any problems setting up site to site vpn's on the above
version of checkpoint, running on Windows 2000 Sp4??
I can't seem to get
You are welcome Torkel,
The preference will be Multicast, since it is not Broadcast(ed) on all your
interfaces, in ours we have 7 different interface handling different type of
traffics from various vendors, VPN, DMZ, etc
With Multicast, the NIC has to join a Multicast group in the Switch.
All,
I am trying to connect a SPLAT machine to our DSL and am not having much
luck. The best I can get out of the status screen is connecting. I
have tried doing a tcpdump on the interface and I am seeing PPPoE receive
information so I know that the card can see the modem. I don't see the
Higuys.
The question today is:
Can i to connect from a subnet A to other subnet A (same subnet local and
remote) with SecuRemote?, without to use Office Mode.
subnet A-INTERNETFW-1-subnet A
Saludos,
Mateo Cabrera - Soporte Tecnico
Security Advisor
www.sadvisor.com
Hi,
Perhaps a dumb question:
How do I enable TCPT on a CP FP3 (on nokia IPSO 3.7)? Is it even possible?
I've been searching all over in the GUI, help and CP knowledgebase, also on
several different website about CP but I don't have any clue on how to even
turn it on...
I have found 1 document
Hi all,
I am currently in the process of deploying Intruvert's (aka NAI, aka McAfee)
IPS, specifically the 2600 series sensor, on my network. We've been running
in inline mode now for about two months. So far, the results have been
good. At this point, I am interested in implementing the
Hi Matt
Could you perhaps share some of those bugs with this list?
We have several issues with Cluster-XL. We seem to have
fixed some of them, but I'm not sure about all.
We also have a problem where we only can ping hosts when we
actually snoop/tcpdump on the interface. As soon as we stop
No. Our problem seems to have been fixed, but i didn't
install HFA08 because I couldn't see that any of the
fixes applied to us.
Which fix did you have in mind really?
Regards,
Torkel
-Original Message-
From: Claudia Cordova [mailto:[EMAIL PROTECTED]
Sent: 16. september 2004 20:54
And the answer is: No.
If SecuRemote is on a machine that has an IP address inside the
encryption domain, it will not even attempt to encrypt anything. The
only viable solutions are:
- Re-IP the remote machine
- Buy SecureClient licenses and use Office Mode
Regards
Thorsten Behrens
Senior
Yes, you can.
It needs to be setup as DHCP but you need to configure PPPOE as secondary IP
address either thru the web based SPLAT
https:\\yourgatewayaddress
Then go into NETWORKING, then CONNECTIONS then Highlight your EXTERNAL
INTERFACEtoward the bottom of the screen look for Select TYPE
Hi Alan,
In the VPN-1 manual (PDF file), check out the ipassignment.conf file. If
you're using SecureClient and Office Mode, you can assign a particular
Office Mode IP address to a particular user account. Then you can add that
Office Mode IP address as a GUI client. Works on a Windows management
We have 2 Nokia IP440 located at different sites, one is running NG FP3 (on
IPSO 3.7 build 023), the other running NG with AI R55 HF04 (also on IPSO
3.7 build 023).
l'm looking for some documentation or information on how to set up a VPN
tunnel between them.
Thanks in advance,
Alan.
Alan C. Choyna
Almost forgot.
Is this command stick so that it will continue to use broadcast
mode even after I boot the firewalls ?
Regards,
Torkel
-Original Message-
From: Previtera, Sal [mailto:[EMAIL PROTECTED]
Sent: 16. september 2004 19:39
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] FLAPPING
Hi, all
We have a client has a need to access their internal MS Exchange OWA email
server from Internet. One option that we can think of is to use CheckPoint's
(NG FP3) built-in Proxy capacity to accomplish this instead to buy a
dedicated proxy server to access MS Exchange's OWA. Has anyone done
Yes, the commands will stick after reboot.
It will be using broadcast until you change back to multicast.
I am using SPLAT too.
Regards,
Sal,
-Original Message-
From: Torkel Mathisen [mailto:[EMAIL PROTECTED]
Sent: Friday, September 17, 2004 9:52 AM
To: [EMAIL PROTECTED]
Subject: Re:
Somebody knows if there are some difference between the $FWDIR/conf folder
in R54 and R55? (On STAND ALONE SecurePlatform environment).
The question is because if i try to remove the files: rul* and obj*
(pertaining to the folder conf) on R54, i can deny the access to the FW-1
via GUI clients,
But i only can to controllate ONE firewall...!!!
Imagine that i am the president of a company, and i going to travel, and i
located in a hotel with the same subred that my LAN on the company (the
target subnet).
My remote connection to Internet may be a proxy, a nated router...or a
firewall (with
hi,
why don't you upgrade R54 to R55 - then the configuration will be
updated too.
or if you move to another hardware use the config_export and
config_import tool.
cheers
reinhard
))) Message sent using Nokia One Business Server (((
))) Internet Security AG - www.internet-security.ag (((
yes...but i don?t want OFFICE MODE and SECURECLIENT is very expensive for 2
users (the minimal licence for SecureClient is 25 users i guess so)
And how did explain before this will be to GERENCIAL use, the president of
the company don?t know to change the IP settings...you know...
Saludos,
Mateo,
But i only can to controllate ONE firewall...!!!
[... Boss traveling ...]
What can i do?
Several things. Most important ones first:
a) Calm down.
b) As amusing as it is to see you write But I don't want to! :), start
thinking technical possibilities, business case, cost, and so on -
Hi Gurus..
I have client running AS/400 attempting Passive FTP to Unix server, and not
able to do get and delete functions.
Has anyone faced this problem ?
Thanks and Regards,
Ganesh
=
To set vacation, Out-Of-Office, or away messages,
send an
Make sure you have multicast enabled on the Switch. You may
also need to enable IGMP.
On Fri, 17 Sep 2004, Previtera, Sal wrote:
You are welcome Torkel,
The preference will be Multicast, since it is not Broadcast(ed) on all your
interfaces, in ours we have 7 different interface handling
Hi All,
I have a Provider-1 management server (NG+AI R55) running on Solaris 9
machine and one object that was created sometime in Global Policies was
removed from the Global SmartDashboad. The problem is that the object is
still in SmartDashBoad on CMA Policy and I can´t remove it, because it is
32 matches
Mail list logo