Hi list,
I have been getting messages like this on /var/log/messages:
Nov 23 11:49:21 firewall kernel: cpas_tcp_pass_data: asked to transfer 112
bytes which is more than in q(111)
These logs repeats every 5 seconds or so with differing byte values and I
can not find the cause for these
Hi Gurus,
I have difficulty trying to link Edge to Smart Centre. The error message
is The Service Center did not respond.
I'm using XU with 5.0.92 image and R60 Express. According to
documentation the communication between Sofaware embedded appliance,
like Edge, and Service Centre, SC
Hi all,
Have anyone ever happen to find any docs on SecureServer installation,
configuration etc. ?
Lucky ones, could you please give me a link.
Thanks,
Andrey.
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL
Hi Neil,
yes, I'm sure I mean SecureClient. When istalling SCl on a special
Notebook, the machine is freezing during install.
Best regards,
Matthias
Neil Kemp wrote:
Did not actually know there was one ? You sure you mean SecureClient and not
SecurePlatform ?
--
AERAsec Network Services and
You need to run this in the root login at the local console. if you
telnet you might only get the admin login cli interface where u can't run
this command...
On 11/22/05, Zubair Jalal [EMAIL PROTECTED] wrote:
Hi.
Thanks Reinhard My gateway is Nortel Alteon. How to run this command
Hi,
does anybody know where to find a hardware compatiblity list for
SecureClient for Microsoft Windows?!
Thanks in advance,
best regards,
Matthias
--
AERAsec Network Services and Security GmbH
Wagenberger Strasse 1
D-85662 Hohenbrunn, Germany
http://www.aerasec.de
Hi All,
I have a problem to connect with the GUI client to our management system.
We run NG AI R55. The management system has my ip-address in the cpconfig.
When I try to connect I have the following message.
Connection cannot be initiated.
Please make sure that the server is up and running and
Did not actually know there was one ? You sure you mean SecureClient and not
SecurePlatform ?
On 23/11/05, Matthias Leu [EMAIL PROTECTED] wrote:
Hi,
does anybody know where to find a hardware compatiblity list for
SecureClient for Microsoft Windows?!
Thanks in advance,
best regards,
I haven't done this on R60 yet, but assuming it's the same as R55 there
are a couple of bits to check:
Firsly, ensure the SMS service is started. If management server is
Windows/Solaris type smsstart at a command prompt. Need to be in
expert mode if SPLAT.
Also, check out SK30202 on the Check
Do you have your ip address configured to be able to connect to port 18190
to the firewall in the firewall rules? That is Management Interface port.
Cheers,
Kerem
-Original Message-
From: Mailing list for discussion of Firewall-1 [mailto:FW-1-
[EMAIL PROTECTED] On Behalf Of
-Original Message-
From: Hondebrink, Marco [mailto:[EMAIL PROTECTED]
I have a problem to connect with the GUI client to our
management system.
We run NG AI R55. The management system has my ip-address in
the cpconfig.
When I try to connect I have the following message.
Sms won't start on my Windows XP SP2 Smart Centre due to the following
error:
(this might be not fully exact translation from my language but I hope
the meaning is correct) sms.exe - Couldn't find entry point #139 in
the DLL LIBEAY32.dll.
Whereas on SPLAT it started just fine and I was able
At 11:46 23.11.2005, Andriy Malyuk wrote:
Hi all,
Have anyone ever happen to find any docs on SecureServer
installation, configuration etc. ?
secureserver is like a normal firewall gateway ... but in has only
one interface... in the fw1-gui you have an object checkpoint - host
...
Hi everyone,
is there any documentation on sicRenew (comes with CPshrd package) or
sic_util (comes with CPfw1 package) available? So far I had no luck searching.
Greetings
Jens
=
To set vacation, Out-Of-Office, or away messages,
send an email to
I thought I'd follow myself up since I've had a couple of responses OOB.
The address cut over without a single problem. Everyone stayed
connected, nothing crashed. An ancient evil did rise from the watery
deep but I gave it some coconut shrimp and it was cool.
--
be - MOS
Innovation is hard to
The machine is only a management system, so there is no envorcement module
on it.
Regards,
Marco
-Original Message-
From: KEREM ERKAN [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 23, 2005 2:53 PM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] GUI
Hi,
we had some trouble with sic at one of our firewalls and stumbeled
over the two commands (sicTABTAB ;) during troubleshooting. I was
just curious what they'll do.
Jens
at 23rd of november 2005 at 15:07 you wrote:
hi,
there is: sic_util - sk11365 @ checkpoint's knowledge base
but -
Hi,
I have my ip-address configured via the cpconfig.
We also had an implied rule that allows gui access.
At the moment nobody can connect with a gui client.
Regards,
Marco Hondebrink | BT Global Services | Mob: +31 (0)6 21277174 | Tel: +31
(0)546 543 432 | E: [EMAIL PROTECTED] |
hi,
the easiest way of setting up SIC is using the GUI and cpconfig. if
this does not work check
- date/time
- ports
- routing
with some OPSEC-products you have to setup SIC manually and this is
more challeging than I should :-)
cheers
reinhard
At 15:26 23.11.2005, you wrote:
Hi,
we had
Hi Reinhard,
secureserver is like a normal firewall gateway
totally agree on this.
... but in has only
one interface... in the fw1-gui you have an object checkpoint - host
... everything else is the same.
are you sure about that? Afaik the secure server can be multihomed,
but does not route
One SIC problem i had was with a multi-tier firewall topology
the managment module was behind both firewalls
MGMT--FW-1 -- FW-2
the implied rules allow SIC from the MGMT--FW-1 but i could not get SIC to
work between MGMT and FW-2 until i figured out you had to explicitly allow the
SIC traffic
hi,
there is: sic_util - sk11365 @ checkpoint's knowledge base
but - why do you need that?
cheers
reinhard
At 14:35 23.11.2005, you wrote:
Hi everyone,
is there any documentation on sicRenew (comes with CPshrd package) or
sic_util (comes with CPfw1 package) available? So far I had no
At 14:44 23.11.2005, you wrote:
... but in has only
one interface... in the fw1-gui you have an object checkpoint - host
... everything else is the same.
are you sure about that? Afaik the secure server can be multihomed,
but does not route any traffic. All IFs appear as external and of
Are you on the same subnet with the management system? If there is a
firewall between you and the system, that may be the problem.
You can try telnetting to the port 18190 to see if you can connect it. If
you can connect by telnetting but cannot connect via GUI, there may be
something broken, you
Hello Everyone,
Has anyone else experienced this problem with NGX VPNs on Nokia IPSO 3.9-041?
tcp high port
service object is
included in VPN rule but the ports are not passing over the tunnel unless
explicitly added to
the rule.
--
Rick Centner
Test message.
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf
Of KEREM ERKAN
Sent: Wednesday, November 23, 2005 10:51 AM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] GUI connection problem
Are you on
hi,
you can try to install the latest libsw-files on your smartcenter
server, reboot and look if SMS is up then ...
we had that on a W2K3 server ...
cheers
reinhard
At 18:26 23.11.2005, you wrote:
Maybe NGX is different, but I know earlier versions required the
server version of Windows on
I faced the same problem. From Cpconfig...just go to Keys hit session..just
type in a lot of keys and click ok...i suppose a new certificate gets
generated...
worked for me...
From: Mailing list for discussion of Firewall-1 on behalf of Rick Centner
Sent:
Maybe NGX is different, but I know earlier versions required the server
version of Windows on the SmartCenter.
Ray
From: Andriy Malyuk [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To:
Where are the correct instructions on updating SPLAT R60 libsw files?
http://server.iad.liveperson.net/hc/s-9995810/cmd/kbresource/kb-439403556783
1549501/view_question!PAGETYPE?sf=101133documentid=57138action=view says
to update Installation Folder]\opt\CPfwbc-41. However on my SPLAT NGX
HFA01
I have a rule to block MSNMS, MSN_Messenger_File_Transfer, MSNP,
MSN_Messenger_1863_UDP, MSN_Messenger_5190, MSN_Messenger_Voice together
with SmartDefense. The MSN traffic is still going through.
Any suggestions? Thank you.
Bernard
=
To set
Hi Michael
Am glad to hear that it fixes it! To make it permanent you need to follow
these steps on SecurePlatform...
Edit $FWDIR/boot/modules/fwkern.conf file using vi or text editor to add
line fwtcpstr_max_window=65536 and you should be happy.
Mate
From: Geiregger Michael [EMAIL
I did a new install of R60 on a new Sunfire V120 Solaris 8 and now when
it comes up, I get four entrys
/usr/ucb/expr command not found
I do not see anything in a /usr/ucb, but I do see it in /usr/bin
I partitioned the disk with
/
usr
opt
var
The disk is an 80 GB disk so there is lots of
Rod Hughes said:
I did a new install of R60 on a new Sunfire V120 Solaris 8 and now when
it comes up, I get four entrys
/usr/ucb/expr command not found
I do not see anything in a /usr/ucb, but I do see it in /usr/bin
I partitioned the disk with
/
usr
opt
var
The disk is an 80 GB
Hello,
This happens sometimes when you dont notice Mgmt Server is not running.
Please do a CPRESTART and then type fwm. If you notice any errors..chances
are probably Checkpoint Files are corrupted. TRy to restore from the backup
and then try fwm command.
Second Option:
Use cpconfig to add your
Hi all,
We plan to replace a standalone installation (IP440 RG55) with two IP380
running IPSO clustering (probably 3.8). For the moment we have not
decided the cluster mode they'll use: forwarding mode or multicast (with
or without IGMP snooping).
My first question is about the multi-addressed
36 matches
Mail list logo
