Hi,
Could we disable split tunneling for the Secure clients with my VPN
gateway running NG FP2?
Thanks in advance.
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set
All, thankx for the info.But when u have a VLAN capable switch, you
will physically be connecting a single interface from the firewall to
the switch. How could the firewall then interpret that interface as
two separate subnets? can you point to any page having info on how to
configure this?
Yes. It's seen as out of state... Obviously if I disable the check on
stateful TCP packets the connection works...
-Messaggio originale-
Da: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] Per conto di Charalambos
Klitiropoulos
Inviato: lunedì 25 luglio 2005 21.31
A:
Hi,
I have a windows management server and linux-based enforcement module with
clustering. I'm trying to setup the RSA authentication. On the RSA server,
should i add the agent host for management server or the enforcement module?
And the sdconf.rec file, i should copy where?
Thanks!
Leow
You only need an agent host for the enforcement module. No one will
authenticate through the management system. For a Linux based enforcement
module, put the sdconf file in /var/ace.
The RSA server can be pretty picky about communication so I would suggest
creating an agent host for each
Hi All,
We have checkpoint express installed on SecurePlatform and now willing to go
for SmartView Reporter Add-on, for the same we have tried to evaluate it
first.
Following things we have completed and faced problem as mentioned:
Task Executed:
1)We have observed SmartView Reporter add-on
I talked to our switch guru and this is what I got,
You could take two vlans and tag the traffic on the port. This
would allow you to run two vlans over one copper trunk. On the firewall
you would setup the same thing so it could disassemble it.
Does that sound about right?
Do you know what the location for the sdconf file is under Solaris
install of Checkpoint?
The manual just states var/ace. Is it just implying creating an ace
directory under /var?
Many thanks
Alan
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL
Correct...create the directory /var/ace
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] Behalf Of Alan
Baker
Sent: Tuesday, July 26, 2005 9:58 AM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] SecurID Authentication
Do
The is a implementation guide from RSA. The address is
http://rsasecurity.agora.com/rsasecured
I recommend to look fot the checkpoint implementation with secure ID. I got
it from there, it's very helpful.
Best Regards,
Lino E. Avila
-Original Message-
From: Mailing list for
Yes, just create it.
-GS
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Alan
Baker
Sent: Tuesday, July 26, 2005 10:58 AM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] SecurID Authentication
Do you know what
The IPSO guide tells you how to configure VLANs. Here is an example on
version 3.8:
https://support.nokia.com/security_platforms/docs/ipso_docs/3.8/IPSO3800-VoyRefGuide_N451044003a.pdf
Quick, Richard
U need to enable vlan tagging on the switch side, this will enable
multiple interface subnets on the same port and on the firewall side
it normally uses the concept of vconfig command in linux to create
multiple virtual vlan interfaces.
On 7/26/05, J Jayavenkatesh [EMAIL PROTECTED] wrote:
On 7/25/05, Gustavo Caetano [EMAIL PROTECTED] wrote:
We are configuring the functionality of the ISP Redundancy of
SecurePlatform NG55 and would like to know if somebody has some additional
documentation on this subject. Already we also read help of the product and
some papers. It
Hi, all
One of our clients has site to site VPN tunnel setup for software vendor
support access. The client runs AI R55 HFA-03 with simplified mode.
The client wants to limit remote access through the VPN tunnel for
compliance. The client has secureclient setup with MS-AD authentication
done.
apart from copying file to /var/ace directory on ur linux enforcement
module create another file sdopts.rec having contents as
CLIENT_IP=IP where IP is the IP address of the interface of
firewall with which u want to talk to RSA server. CP has problems
specifically in *nix platforms if u don't
Dear all
Does someone know if it's possible to prevent the property Check
Point SecuRemote inside the LAN settings from being unchecked from
local Admins? As I know from the Properties of the installed Novell
Netware Client that can be done, but how? We need this because our
Admins do
Disabling stateful inspection will convert a (expensive) stateful firewall
into a plain packet filtering firewall. Could there be a case of
asynchronous routing (where incoming packets take a different route than
outgoing)? Maybe a high availability configuration with non-working
On 7/25/05, Antonio Costa [EMAIL PROTECTED] wrote:
I have one site that have only dynamic IP access and the ISP couldnt get it
fixed.
In this scenario and not using a VPN-1 Edge, using a Juniper/Netscreen
unity, how
can i stablish a site-to-site VPN with Checkpoint NG R55 ?
If you have
I am setting up a site to site VPN using an Edge x16 to our checkpoint
firewall R55 (SPLAT). The VPN tunnel is up and all traffic is being routed
through the tunnel. Instead of allowing all internet http, and https
traffic to hit the firewall and be routed out to the internet, I need to
redirect
Could a similar setting be used for other RADIUS authentication as well? I've
found no way to define which interface NG R55 uses when talking to our Radius
server, and had to set up VPN tunnels on the FW object it self, something I'd
like to get rid of. If I could specify to use the internal IP
21 matches
Mail list logo