I sympathize with your desire to stay with an OS that you're more
familiar with, but would still recommend that you use SecurePlatform.
The installation and configuration of a SPLAT deployment is not
difficult at all, even for someone with no experience with Linux-based
OSs. If your budget is
Sorry, I haven't done that. I'm not sure how you would do what you're
asking about.
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:fw-1-mailingl...@amadeus.us.checkpoint.com] On Behalf Of Oscar
Esquivel
Sent: Tuesday, December 29, 2009 10:05 AM
To:
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:fw-1-mailingl...@amadeus.us.checkpoint.com] On Behalf Of Peter Addy
Sent: Monday, October 12, 2009 9:43 AM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] New Windows SmartCentre to run NGX R65
Hi
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:fw-1-mailingl...@amadeus.us.checkpoint.com] On Behalf Of Peter Addy
Sent: Monday, October 12, 2009 9:43 AM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] New Windows SmartCentre to run NGX R65
Hi
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:fw-1-mailingl...@amadeus.us.checkpoint.com] On Behalf Of Hugo
van der Kooij
Sent: Wednesday, September 09, 2009 4:16 PM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] 2 T-1's
-BEGIN PGP
Congratulations!
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Ruiyuan
Jiang
Sent: Tuesday, October 14, 2008 9:58 AM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Passed CCSE exam
Hi, all
I passed the CCSE
I haven't experienced the same coincidence. Maybe your timing is just
bad. :)
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of
Previtera, Sal
Sent: Friday, June 27, 2008 10:51 AM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
I've used this process to delete bunches of old policies (not the ideal, but
still faster than with the gui)
Warning: test this in your non-production test environment first, with a good
backup to fall back on. Your mileage may vary!
1: in expert mode, go to the folder where the revisions
We are using Intel gig nics in our SPLAT box. They are supported by
Check Point.
I don't recall doing anything special to get SPLAT to recognize them.
I do know that we installed them when we were running R54, and when we
moved to a newer version, they were still supported.
Perhaps you should
In the interest of being informative and helpful to the fellow members
of the list, I offer this little snippet out of the
CheckPoint_R62_SecurePlatform_SecurePlatformPro_UserGuide.pdf user
guide:
Backup and Restore
SecurePlatform NGX provides a command line, or Web GUI, capability for
conducting
Now this is an example of an informative and useful reply, good job!
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of
Paterson, Don
Sent: Thursday, October 18, 2007 11:42 AM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject:
With the firewall running (cpstart), and the policy unloaded (fw unloadlocal),
you need to confirm basic network connectivity, including making sure your
routing is set up correctly. I know that's pretty basic, but I mention it
because not doing so in the past has cause me lots of headaches
MRTG can monitor the items you've mentioned, with the possible exception
of the SMTP spooler. There's info on the MRTG site about using it to
monitor SPLAT.
Regarding your item 4, SPLAT is a pre-hardened OS, and CheckPoint will
not support loading extra stuff like BigBrother on it.
Even without
Hi,
What are some recommendations for training sites for Checkpoint NGX
other than the ones I can find on the CP website?
Are there courses available that are more than just pass the exam type
of courses? In other words, real-world types of training?
Thanks,
Kim
Yes, as another list member wrote, it is possible, and the best route is
to use the upgrade_export and upgrade_import tools.
Some extra info to note:
You have to configure your interfaces and routing on the SPLAT box
manually before doing the import, since the upgrade export/import tools
don't
Hi,
I have a SecurePlatform NGX (R62) Build 031 firewall.
I am trying to config a tagged VLAN on one of the interfaces.
If I use the command vconfig add eth6 199 it creates the vlan id for
that interface.
On my switch, I place the port with the firewall interface, and the
ports with the hosts
Of David
DeSimone
Sent: Thursday, June 28, 2007 11:15 AM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] vlans in firewall interface
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Kim Longenbaugh [EMAIL PROTECTED] wrote:
I am trying to config a tagged VLAN on one
I believe you have the steps right.
-Export the config from the old box
-install SPLAT on the new box. Obviously, the new box needs to be in an
isolated network to avoid IP address conflicts.
-configure the interfaces and IPs to match the old box
-configure the other items you mentioned.
-import
Hi, Gil.
Thanks, to you. and to Checkpoint for listening to your customers and
keeping this list going! The list is staying, and ISO downloads are
back...two very much appreciated decisions by Checkpoint! Hip, Hip,
Hurray!
Kim
-Original Message-
From: Mailing list for discussion of
Your older licenses will not work with NGX R62. You have to upgrade
them. The licenses can be upgraded at the CheckPoint User Center. The
NGX R62 documentation describes the fact that you have to upgrade them,
and gives several ways to do that. See the
CheckPoint_R62_UpgradeGuide.pdf file.
Hi,
We have never utilized the VPN portion of the FW-1 product.
Now, there's a proposal to do that.
Is it possible to set up branch tunnels coming from a Nortel Contivity
VPN device and the FW-1, and from Cisco Pixs to FW-1?
The branches all have separate /24 subnets.
Of course, I will RTFM on
There are ftp, tftp, and scp clients available in expert mode on SPLAT.
They use the typical commands for those clients.
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Dave
Allen
Sent: Friday, February 02, 2007 5:58 AM
To:
Ethereal
Or CPEthereal
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Tom
louis
Sent: Monday, January 08, 2007 8:42 AM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] sniffers
any recommendations on sniffers?
Hi,
We're using SPLAT NGR55.
We're planning to upgrade to NGX R62.
I know we use the upgrade_export tool to export the firewall policies
and objects, etc.
What files should I copy to get the routes and interface information so
I don't have to manually re-enter those?
Kim
Guru is out right now, but yes, you need to use binary mode.
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Nick
Brandson
Sent: Thursday, October 05, 2006 7:20 AM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1]
The software available at the link below may serve your purpose, depending on
the version of the firewall you have.
http://www.wyae.de/software/fw1rules/
Kim Longenbaugh
Colonial Savings, F.A.
817-877-9573
-Original Message-
From: Mailing list for discussion of Firewall-1 [mailto
You've tried sending a message to
[EMAIL PROTECTED]
With this line in the body (not the subject!)
UNSUBSCRIBE fw-1-mailinglist
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Michael
Sent: Saturday, September 30, 2006 4:07 PM
Does the upgrade export/upgrade import take care of the routing and
networking too?
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Mark
Elsen
Sent: Tuesday, September 26, 2006 12:51 AM
To:
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] Behalf Of Kim
Longenbaugh
Sent: mercredi, 16. aout 2006 13:37
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Address Spoofing
Oops, I see you already suggested
Oops, I see you already suggested that...
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of
Christian ALT
Sent: Wednesday, August 16, 2006 5:52 AM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Address Spoofing
Try clearing the arp cache on the firewall.
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of czar
Sent: Wednesday, August 16, 2006 5:53 AM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Address Spoofing
Hi All,
When you browse from behind the firewall, are you pointing to the same
IP address or are you using an URL?
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Brian
Hope
Sent: Monday, August 07, 2006 9:50 AM
To:
You can also gain console access by using Putty via the ssh terminal
session. Google for Putty if you don't have it already
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Bhavin
Gandhi
Sent: Thursday, May 18, 2006 2:38 AM
To:
Yep, people miss the part in the archives about that being copyrighted
material, and illegal boot-legged copies, and that CP gets a little hot under
the collar about it.
-Original Message-
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On
Behalf Of Covington,
There's a file at checkpoint called upgrade_checker_B54119_1_linux.tgz
It has these files in it:
12/01/2003 11:42 AM59 build_number.conf
12/01/2003 11:42 AM 117,740 gtar
12/01/2003 11:42 AM18,335 gtar-Copying.txt
12/01/2003 11:42 AM48,448
Put unsubscribe in the BODY, not the subject, per the instructions at the link
-Original Message-
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On
Behalf Of YĆ¼ce Esme
Sent: Friday, February 03, 2006 8:51 AM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
[mailto:[EMAIL PROTECTED] On Behalf Of Kim
Longenbaugh
Sent: Viernes, 20 de Enero de 2006 10:49 a.m.
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Migrating Smartcenter from Windows to Splat Platform
Run an upgrade_export on the windows host, build and configure your
SPLAT
Not to mention the fact that Checkpoint really, really hates it when you
install anything else on the Secure Platform
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of
Brummer, Steven
Sent: Wednesday, November 09, 2005 1:51 PM
Ok, one very good reason to use Splat at least for your enforcement
module is that the OS is already hardened out of the box, whereas if you
use W2K3 for the enforcement module, you will have to do all sorts of
things to adequately harden it.
Plus, like someone else mentioned, if you use W2K3,
yes
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Tony
Montesano
Sent: Wednesday, October 12, 2005 10:38 AM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Upgrade_export/import
Just a quick ? Can I run
Make sure when you put the R60 Upgrade_export on your R55 system, that
you copy the libstdc++.so.5: file that came with it to the same
folder. That's been a problem in the past.
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Tom
1: your xxx.xxx.10.1 firewall external interface and the xxx.xxx.10.254
router interface are indeed on the same subnet. The router is a host on
the external subnet.
2: Check your anti-spoofing configuration for the external interface on
the firewall object (defaults to being called cpmodule).
The typical procedure for install the FW on windows is to make sure all
your routing works before you install the firewall.
So, before installing the FW, were you able to verify that routing
worked for all the interfaces?
-Original Message-
From: Mailing list for discussion of
If you have a Software Subscription with Checkpoint, you can contact
their tech support, and they will give you a link to download an image
you can use to burn a cd with the latest and greatest versions.
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL
It's true that in most cases SPLAT would be the better choice over
Win2K3. The reason for that is, SPLAT comes out of the box hardened,
whereas with Windows, you have to do quit a bit to secure the box.
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL
And budget, don't forget budget!
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Ray
Sent: Monday, August 01, 2005 8:40 AM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] FireWall-1 vs. other web application
Do you suspect the message to be something besides just annoying spam?
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Meyers,
Duncan
Sent: Sunday, July 10, 2005 6:29 AM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject:
quite safe to drop the email into the bit bucket and
don't
forget to block Mr Shtang's emails forever!
Mike Hawkins
Office: 212-208-3888
Mobile: 917-887-3614
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Kim
Longenbaugh
Sent
You didn't get the memo?
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Wayne
Ho
Sent: Thursday, July 07, 2005 1:04 PM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Check Point Books - New FTP Server
chris,
I've used the Intel dual card in SPLAT. The quad will work. It uses
the same drivers as the dual nic.
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of no-need
to-list
Sent: Tuesday, July 05, 2005 1:38 PM
To:
Didn't CheckPoint send a cease and desist on distributing their
copyrighted material like this?
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of
G.Sivasubramanian
Sent: Friday, July 01, 2005 4:45 AM
To:
.
-Original Message-
From: Kim Longenbaugh [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 23, 2005 4:11 PM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] SecurePlatform, TFTP and backups
I know the versions of those servers I have will also do FTP. Just use
that (FTP
on the SPLAT box,
5) create a cron job on the linux to grab this file from SPLAT at 12am
via scp
It is much easier and secure to do it this way because you can even do
this across
the Internet with SCP.
Kim Longenbaugh [EMAIL PROTECTED] wrote:
Place the file on itself, then from the console
We have a small sister company that we have to provide a firewall for.
There's about 25 users there. We don't need to provide any VPNs.
I've looked at the CP home page and see the [EMAIL PROTECTED] 225 unit.
I also saw a SecurePlatform Basic for $500 list. To get more info about
that, I
I know the versions of those servers I have will also do FTP. Just use
that (FTP) and be done with it.
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Brian
Hope
Sent: Thursday, June 23, 2005 2:13 PM
To:
I'd guess it's due to the error in your route.
In your route table you have:
10.32.0/22 10.32.16.50CU 00
eth-s1p3c0
Shouldn't it be something like:
default81.246.22.209 CU 00
eth-s1p1c0
0.0.0.0 CU
I don't know about FW-1 on Linux, but for a Splat to Splat
upgrade-export-upgrade_import, I've never had to do a cpstop. I do have
to make sure there are no Smart or Gui clients open.
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf
What was the fix?
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Patrick
Marquetecken
Sent: Thursday, June 02, 2005 8:20 AM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Doing something compleetly wrong -
Make sure all the Smart clients and the web gui clients are closed. The
export doesn't like any of them being open.
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of
Christian Franke
Sent: Tuesday, May 31, 2005 10:26 AM
To:
The backup process does not affect the rule base database. The file
obtained has all the configuration from your FW-1
You can restore the backup to another location and compare. You can
compare the databases.
Bottom line, it does work.
-Original Message-
From: Mailing list for
Is there a limit to the number of nics (other than the physical limits
of the server) you can add to SPLAT?
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Jim
Johnson
Sent: Wednesday, May 04, 2005 10:33 AM
To:
From the command line, type cpconfig enter and then enter or confirm
the user you created is in both the Administrators list and the GUI
Administrators list
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of rif raf
Sent: Sunday,
Compared to the way the GnatBox firewall does things, even CheckPoint's
manual rules seem automagic
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Sascha
Picchiantano
Sent: Tuesday, March 29, 2005 10:40 PM
To:
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Sascha
Picchiantano
Sent: Tuesday, March 29, 2005 12:32 PM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Basic NAT question
Hi,
NAT has always confused me and
Try typing ./upgrade_export enter (without the quotes).
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Keshav
Sent: Wednesday, February 23, 2005 11:09 PM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1]
When I moved my SPLAT to a new machine, I did a fresh install of SPLAT
and hotfixes on the new machine, then used Upgrade_export and
Upgrad_import to move my policies, objects, etc.
I found that I still have to remove the licenses from the new machine
and re-add them using Smart Update.
I don't
I started to suggest the same thing but wasn't sure it would work with
CheckPoint Express. Is it?
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Fabio
A. Bicudo Duarte
Sent: Friday, February 18, 2005 12:28 PM
To:
Try clicking the little widdershins pointed arrow in the tool bar, upper
left hand corner
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Michael
Polevoy
Sent: Wednesday, February 02, 2005 6:52 AM
To:
The Eprism by St Bernard does extremely well, but get the medium or
biggest box.
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Robert
Fowler
Sent: Wednesday, February 02, 2005 10:33 AM
To:
Use the webgui
https://firewalladdress
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Jeffrey
Engle
Sent: Friday, January 28, 2005 12:03 PM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Changing the password on
Try the rules documenter at this site:
http://www.wyae.de/software/fw1rules/
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of
Chandraprakash Suryawanshi
Sent: Tuesday, January 18, 2005 4:57 AM
To:
Actually, you're talking about an ellipsis.
An ellipse is a special kind of curve, see the link:
http://mathworld.wolfram.com/Ellipse.html
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Joe
Matusiewicz
Sent: Wednesday, December
I believe you will need to re-license if you're not using centralized
licensing and your license is based on the ip of the interface you're
changing.
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Garner,
Annette K **BETH
Sent:
your NT boxes are wormy?
[EMAIL PROTECTED] 11/23/04 10:25AM
We have put some NT 4.0 box's behind a pair of IP-380's, we started doing some
testing of these apps to see if they worked through the firewalls.
They failed so for kicks and giggles I started going through the smart defense
This should solve that problem.
Mairtin
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Kim
Longenbaugh
Sent: 11 November 2004 20:09
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] nat question
We currently have the Nat configured
OK, at the risk of sounding stupid, which interface do you configure Hide NAT
on so your internal network can browse the internet?
Say you have an external interface, a dmz interface, and an internal interface.
Say you want hosts on your internal network to get to the internet, and you
want them
: the gateway back into your private network is
the external interface of your firewall. To get everything back to your
private network it has to be sent to your firewall, so everything coming
from it has to appear to be from that.
Hal
-Original Message-
From: Kim Longenbaugh [mailto:[EMAIL
Did you close all checkpoint clients like it said?
Is the firewall installed in the default directories that the upgrade_export scripts
expect?
Do you have enough disk space to do the export?
[EMAIL PROTECTED] 10/28/04 09:46AM
Any help on this error?
:\Program
ftp FROM the firewall to a server on your network instead of the other way around.
type ftp enter from the firewall expert mode console.
[EMAIL PROTECTED] 10/25/04 09:20AM
I ran a backup on my FW running splat. How can I get this backup off the
fw? I can't seem to find anything in the web
you can't ftp TO the firewall, but it does have a ftp client available in the expert
mode that allows you to ftp FROM it to a server connected to one of the subnets on the
fw.
Also, tftp fails for me with files produced by upgrade_export because of the size of
the file.
[EMAIL PROTECTED]
SPLAT is great!
It is easy to install,
it's easy to move your configs from your windows version the the new version using the
export/import utility,
it's fast (no windows overhead)
it's secure: as you mentioned, you don't have to worry about hardening the windows os
(or the Linux os
I can see the fnords!
[EMAIL PROTECTED] 10/05/04 05:43AM
Check SecureKnowledge!
Solution ID: sk26258
In HFA 04 the SSH package was hardened to prevent users with regular
permissions from copying files to SecurePlatform from the outside
Procedure:
In expert mode on SecurePlatform:
1) create
SPLAT is where it's at!
Easy to install, the OS is hardened out of the box, and it's easy to import configs
from other firewalls on different OS platforms.
Like Steve says, it's a piece of cake to install! Whoever told you different is just
wrong...
[EMAIL PROTECTED] 09/10/04 06:36AM
eh?
You probably did this already, but just in case...
The rule of thumb setting up a CP box is to first make sure routing works between all
the subnets before installing the Firewall. That way, if things don't work as
expected, you can troubleshoot on a networking level without having to worry
use the SmartUpdate gui or cplic print at the command line to see your license skus,
then look at CP's website to interpret them.
[EMAIL PROTECTED] 08/12/04 09:25AM
Hi,
How can i do to know if a Firewall is EXPRESS or ENTERPISE?
I tried with:
fw ver
cp ver
SmartUpdate
And nothing...only
I asked a Check Point support tech that question a while back, and they said apply the
HF if the issue applies to your situation. I don't know if that still holds true or
not, but I think it would.
[EMAIL PROTECTED] 08/10/04 09:20AM
Just curious...
Do you regularly keep your firewalls up to
What works best for me is to do an upgrade_export on my production server, do a
fresh install of SPLAT on my test machine, and do an upgrade_import on the test
machine. After that, connect to the test machine with SmartDashboard, and push your
policy.
You will need to add static routes back
back up the the conf folder with all files and sub-folders
regarding your other post, the minimum protocols are obviously tcp/ip and routing. As
far as services, you want the absolute minimum of services for the OS to run. There
are white papers on MS and elsewhere that describe hardening
big. Ive unzipped
it but can't seem to find which file. Should it be a .RPM? a .TGZ?
Date:Thu, 8 Jul 2004 07:26:06 -0500
From:Kim Longenbaugh [EMAIL PROTECTED]
Subject: Re: Splat patch attempt for R55W, TFTP issues..
ftp the package to your server instead of tftp and patch from
ftp the package to your server instead of tftp and patch from there.
or patch using the SmartUpdate GUI
[EMAIL PROTECTED] 07/07/04 03:27PM
I am running a distributed install with Windows R55 SmartCenter and Splat. I
want to upgrade my Splat to R55W, I just downloaded the
splatform_upg_R55w.tgz
There is a fix for the backup/restore utility on CP's website that corrects the
problem where certain stuff was not backed up.
An alternative is to use the upgrade_export and upgrade_import utilites to export out
your objects, policies, etc. You can then do a new install of SPLAT on your
The option you mentioned is supposed to back up everything. However, it's not meant
to use parts of the backup to restore to a different platform. My understanding is
that it's an all or nothing backup/restore of SPLAT only.
If you want to restore the rulebase and objects from a SPLAT box to
This is the long way around to get the info you want, but it's the only way I've found:
1: Set a filter in your log viewer to show only those drops you want.
2: export the resulting log to a file
3: import the file into your spreadsheet, which will give you the count.
[EMAIL PROTECTED] 06/29/04
Records and it will count them all up
for you.
-Shane
On Tue, 29 Jun 2004 07:16:29 -0500, Kim Longenbaugh
[EMAIL PROTECTED] wrote:
This is the long way around to get the info you want, but it's the only way I've
found:
1: Set a filter in your log viewer to show only those drops you want.
2
I can answer only part of this, the GMT offset part.
If you're not sure what the offset is for your area, double-click the time in your
windows task bar (assuming you're using W2k or XP), select the time zone tab, and it
should tell you your GMT offset. For example, Texas is GMT-6
Depending
I'm haven't used the imaging tools in SPLAT to do what you're talking about, but in
discussions with a CP tech about making a backup firewall, he suggested a different
and likely less problematic method.
He suggests using the export/import utility provided.
First, run the export utility against
It is possible, and there are no special operations necessary other than making sure
your rulebase allows the virus definition updates either from NAI or from your own
repository, like EPolicy Orchestrator.
You can monitor what files get scanned by the on-access process using the on access
scan
How about a save as..., give it a new name, then re-apply the policy?
[EMAIL PROTECTED] 05/03/04 11:30AM
Folks, just one question:
How to rename already installed NG-AI rulebase policy safely?
Best regards,
Roman M. Zeltser,
@National Computer Center
revoke his vpn access?
[EMAIL PROTECTED] 03/08/04 05:48AM
Hi all
We use secure client for remote access connecting to our 2xNokia IP350 NG
FP3. I have a `problem user` who after much looking around the internet has
found the checkpoint secureclient client exe and has proceeded to install it
on
Per the documentation, to make a telnet connection you need a client like SecureCRT,
or other secure client. You can download trial or shareware versions of several from
your favorite download site like Tucows, etc.
You do not need to install anything on SPLAT to do this.
[EMAIL PROTECTED]
1 - 100 of 106 matches
Mail list logo