Re: [FW-1] Allowing out-of-state packets on more than one service.

2006-08-04 Thread Paulo Zenari
Hi Marty, Try this: deffunc user_accept_non_syn() { dport = your_port1 _or_ dport = your_port2 _or_ dport = your_port3 }; Notice the 'or' logical operator. -- Zenari Marty, Lukas wrote: VPN-1 Pro NGX R60HFA03 Dell Hardware Allright, I have a legacy application that sporadically

Re: [FW-1] Policy server license counting = money making programme ...

2006-08-04 Thread Lars Troen
If you want VPN connectivity and personal firewall, but not paying the cost of SecureClient, use SecuRemote (which has no extra charge) for the first and ZoneAlarm free firewall for the second... at least I can assure you Zone Alarm's Solution is a lot more secure than Windows firewall.

Re: [FW-1] Smartdashboard problems

2006-08-04 Thread Sergio Alvarez
Also Yang, don't you have a backup obtained from the firewall with the CheckPoint upgrade_export tool, from before this whole mess occurred?? Getting back something older could help a lot. Regards On 8/3/06, Yang Xiao [EMAIL PROTECTED] wrote: Also, the support folks made me try cpclean and I

Re: [FW-1] NGX R60 HFA03 CD?

2006-08-04 Thread Nico De Ranter
I guess I complained to the wrong checkpoint department, they only pointed me to the regular HFA03 download on the web (upgrade only). Anyway, my tech support guy managed to dig up the right CD and made me a copy so I'm ok now. Thanks! Nico On Thu, 2006-08-03 at 12:57 -0500, Marty, Lukas wrote:

[FW-1] Site-to-Site VPN behind NAT

2006-08-04 Thread Pedro Boavida
Hi, I'm trying to set a site-to-site VPN between CheckPoint VPN-1 NGX on SPLAT and a FortiGate 60 device. The VPN-1 has a public IP address while the Fortigate has a private address and is hidden behind a broadband router with public IP address, as described in the following chain. NETWORK_A -

Re: [FW-1] Site-to-Site VPN behind NAT

2006-08-04 Thread cisco4ng
Hi, Is the Fortigate 60 static NAT behind the BB router? In other words, are you using static the fortigate External interface to a public IP via the BB router or are you using the BB router IP address as the VPN peering end-point on the checkpoint side? If you're using the

[FW-1] How to store authentication credentials of SecuRemote/SecureClient for eg. 8 hours

2006-08-04 Thread Bernhard Weiser
Hello, Our users are connecting via ISDN every 30 minutes in order to replicate mails. We want SecuRemote to ask only once a day for user/password. If asked once it should silently reconnect even if the connection was closed before. In version 4.1 there was a setting of how long SecuRemote

Re: [FW-1] Site-to-Site VPN behind NAT

2006-08-04 Thread Sergio Alvarez
Pedro, I noted you wrote: Without any kind of inbound static NAT entries at the broadband router, I'm able to rise the tunnel as long it's the FortiGate to take the first step. So I guess the issue is your Fortigate goes out with the BB Router's external IP and is that one what the CP firewall

[FW-1] Route between two internal subnets

2006-08-04 Thread Moon, Curtis
We are running NGX R60 (HFA03) management station (SmartCenterServer) on the Windows 2K3 server spk1. Basic setup ext, DMZ, int. My FW lic is tied to one internal ip address unlimited. We have a separate internal subnet that is private. Can I add another interface to the fw and

Re: [FW-1] Route between two internal subnets

2006-08-04 Thread Rob Gault
Yes this does work, as long as you define the interface as an internal network on the firewall object. You cannot route between 2 external interfaces. HTH, Rob Gault -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Moon, Curtis

Re: [FW-1] Route between two internal subnets

2006-08-04 Thread Robby Cauwerts
Hi, Well routing between internal interfaces is free with CP. Yes indeed, free :) Only if you want to route between two external interfaces you'll need an unlimited license. Kind Regards Robby On 8/4/06, Moon, Curtis [EMAIL PROTECTED] wrote: We are running NGX R60 (HFA03)

Re: [FW-1] Site-to-Site VPN behind NAT

2006-08-04 Thread Pedro Boavida
Hi, First of all, thanks for the help. The VPN really worked with the static NAT on the BB router in my lab environment. It hasn't worked before due to the order of NAT rules...! But, in the real production environment, I'll not have the possibility to set such rules on the BB router. The

Re: [FW-1] Route between two internal subnets

2006-08-04 Thread Gary Scott
Yes, with NG you can have up to 256 interfaces; NGX (at least on splat) supports 1024. Make sure you do a get topo after adding the interface. -GS -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Moon, Curtis Sent: Friday, August

Re: [FW-1] NG-X Express | Windows 2003 SP1 | Installation Problem HFA03 Backward Compatibility

2006-08-04 Thread Miller, Richard H
Information Technology [EMAIL PROTECTED] wrote Hi, thanks for your answer, but the readme file says to install first fw-1 and then bc. -- SNIP -- INSTALLATION PER PLATFORM Windows Installation Install the packages in the following order: 1. fw1 2. ng-bc - install on the

Re: [FW-1] NGX R60 HFA03 CD?

2006-08-04 Thread Miller, Richard H
On Wed, 2006-08-02 at 14:18 -0400, Vincent Gosset wrote: You can order a free CD upgrade kit from Check Point (version R60 with hfa03): https://www.checkpoint.com/GetSecure/MediaEngine?action=UP_OrderStart No you can't. I did that in June and got R61 instead of R60-HFA03. If I try to order

Re: [FW-1] Smartdashboard problems

2006-08-04 Thread Yang Xiao
I will give this a try tomorrow morning. On 8/4/06, Andrej Skamen [EMAIL PROTECTED] wrote: Is NOKIA box listening on port 18190? Try netstat -an and check status for TCP 18190. It should be LISTENING. If you performed FW unloadlocal and you are still not able to connect, then this is not

Re: [FW-1] Smartdashboard problems

2006-08-04 Thread Yang Xiao
my bad, I did backup the checkpoint installation through voyager, but the backup from the previous week was bad, so I have to go back to two weeks ago, which is fine with me. I have never done a restore using Voyager before, we ship our backups to a remote FTP server. Many thanks, - Yang On

[FW-1] NGX and SMTP

2006-08-04 Thread Jason Ebersole
Hello, I am currently running NG FP3 Enterprise on SecurePlatform. I took a spare PC and installed NG FP3 and duplicated the configuration by installing all the same patches and restoring from a backup all file, then I upgraded to NGX R61 Pro, not Express or Edge (which went very well). I then

Re: [FW-1] Sun X4200

2006-08-04 Thread Simon Kowallik
Hi Nico, NGX R60 HFA03 should work. Make sure you use the NGX R60 HFA03 Media Pack, otherwise you will have installation problems. Regards, Simon Nico De Ranter wrote: Anybody running Checkpoint on a Sun X4200? If so, which version and how did you get it installed? :-) Nico

[FW-1] ftp user auth R55

2006-08-04 Thread Alvaro Gastambide
Dear gurus: I'm having lots of trouble with user auth in ftp service (CHK R55). It's very weird, we have an ftp server in the local network, this server has a NAT to the Internet. I've created a rule for a group using user auth, and service

Re: [FW-1] NGX and SMTP

2006-08-04 Thread Sergio Alvarez
Hello, I noted you have a resource associated with the smtp traffic on the rule you described, as far as I understand, a resource is used when you have some sort of extra feature, for example a gateway antivirus that will check mail before it is passed to the mail server itself, but you do not

Re: [FW-1] NGX and SMTP

2006-08-04 Thread Andrej Skamen
There are no differences in processing mails between NG FP3 and R61 as far as I know. (I did several upgrades to R61 with no changes to SMTP settings). It must be some access control setting mismatch: - check IP address of FW object in General tab (it has to be equal to MX record IP) - check other