Re: [FW-1] Question about Floodgate

2007-09-04 Thread Roger P Herr
I agree fully with Hugh on the weight distribution based on the rule (meaning distributed by protocol) however my concern was why 50Mbs when the link was 100Mbs? Roger Herr WhyNot? Consulting Services 24165 IH 10 West Suite 217-183 San Antonio, Texas 78257 210-860-3990 Some men see things as

Re: [FW-1] disconnecting GUI clients

2007-08-29 Thread Roger P Herr
I believe that the only admin that can kick out other admins is the one configured with cpconfig, it has a gold crown and the ones with white crowns (with r/w) privileges can not directly kick the others on login. Roger Herr WhyNot? Consulting Services 24165 IH 10 West Suite 217-183 San

Re: [FW-1] disconnecting GUI clients

2007-08-29 Thread Roger P Herr
fwm lock_admin -ua removes the lock from administrators that have been locked out of the SCS because of excess failed logins. -ua does all of them; -u admin_name does specific ones. Roger Herr WhyNot? Consulting Services 24165 IH 10 West Suite 217-183 San Antonio, Texas 78257 210-860-3990

Re: [FW-1] FTPS using R55

2007-07-05 Thread Roger P Herr
If you go to expert mode and then vi /etc/passwd and replace cpshell with bash, you will be in expert mode when you log in as admin. Roger Herr WhyNot? Consulting Services 24165 IH 10 West Suite 217-183 San Antonio, Texas 78257 210-860-3990 Some men see things as they are and say why? I dream

Re: [FW-1] R55 Blocking connection

2007-05-04 Thread Roger P Herr
BTW, I have modified scanalert.pl to work with NGX notification messages. If needed I can make the parsing code available; the rest stayed the same. Roger Herr WhyNot? Consulting Services 24165 IH 10 West Suite 217-183 San Antonio, Texas 78257 210-860-3990 Some men see things as they are and

Re: [FW-1] R55 Blocking connection

2007-05-03 Thread Roger P Herr
fw sam -t <time in seconds> -i subsrv <src ip> <netmask> <dst ip> <netmask> <service> <protocol>, like: fw sam -t 3600 -i subsrv 192.168.1.1 255.255.255.255 172.16.1.0 255.255.255.0 22 tcp Roger Herr WhyNot? Consulting Services 24165 IH 10 West Suite 217-183 San Antonio, Texas 78257 210-860-3990 Some men

Re: [FW-1] R55 Blocking connection

2007-05-03 Thread Roger P Herr
Successive Multiple Connection are reached? Giacomo - Original Message - From: Roger P Herr [EMAIL PROTECTED] To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Sent: Thursday, May 03, 2007 2:22 PM Subject: Re: [FW-1] R55 Blocking connection fw sam -t time in seconds -i subsrv src ip

Re: [FW-1] FTP: Port command ended without a new line error

2007-05-02 Thread Roger P Herr
Go to the advanced tab on the FTP service object and change the protocol to FTP-Basic; this will stop the carriage return problem, but still keep FTP protocol checking. Roger Herr WhyNot? Consulting Services 24165 IH 10 West Suite 217-183 San Antonio, Texas 78257 210-860-3990 Some men see

Re: [FW-1] FTP: Port command ended without a new line error

2007-05-02 Thread Roger P Herr
-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Sent: Wednesday, May 02, 2007 5:32 PM Subject: Re: [FW-1] FTP: Port command ended without a new line error Sorry for not mentioning before but this occurs with the FTP-PASV protocol. Does your recommendation still apply? Alan At 03:59 PM 5/2/2007, Roger P

Re: [FW-1] syslog information not received in SmartView Tracker

2007-03-26 Thread Roger P Herr
Did you make a rule to allow syslog (514) to your management server Roger Herr WhyNot? Consulting Services 24165 IH 10 West Suite 217-183 San Antonio, Texas 78257 210-860-3990 Some men see things as they are and say why? I dream things that never were and say Why Not?

Re: [FW-1] VPN Deployment Issue

2007-03-18 Thread Roger P Herr
I do not believe GVRP is supported on Cisco switches but is supported on Nortel and Enterasys switches. Cisco uses VTP to accomplish the same function which is to distribute VLAN information between switches for VLAN membership. Roger Herr WhyNot? Consulting Services 24165 IH 10 West Suite

Re: [FW-1] Reading the Firewall Settings

2007-02-28 Thread Roger P Herr
You could get the CPRules.pl (http://www.wormnet.nl/cprules/doc/CPRules.html) It reads the configuration files (rulebases_5_0.fws and objects_5_0.C) and creates html files with ALL the properties, so it should be able to define all of the data structures. Roger Herr WhyNot? Consulting

Re: [FW-1] Check Point Dial-up VPN Secure Remote.

2007-02-24 Thread Roger P Herr
Have you thought of using VMWare, creating a Virtual Machine, loading up SecuRemote and using that until the switch over? Roger Herr WhyNot? Consulting Services 24165 IH 10 West Suite 217-183 San Antonio, Texas 78257 210-860-3990 Some men see things as they are and say why? I dream things that never

[FW-1]

2007-02-07 Thread Roger P Herr
My userdefined alerts just stopped working completely. I get the alert in the log that says the rule was processed but no userdefined? Windows Management Server/R61.. I'm running ActivePerl with a bat file generated by ActivePerl to fix the STDIN issues. Roger Herr

Re: [FW-1] Websense with Client Auth

2007-01-25 Thread Roger P Herr
How did you get it to work??? Roger Herr WhyNot? Consulting Services 24165 IH 10 West Suite 217-183 San Antonio, Texas 78257 210-860-3990 Some men see things as they are and say why? I dream things that never were and say Why Not? -Robert F.

Re: [FW-1] Turn off TCP Session timeout for a service?

2007-01-11 Thread Roger P Herr
You could enable TCP keep alive. Each OS has its own way of doing it. See: http://www.tcpipguide.com/free/t_TCPConnectionManagementandProblemHandlingtheConnec-3.htm Roger Herr WhyNot? Consulting Services 24165 IH 10 West Suite 217-183 San Antonio, Texas 78257 210-860-3990 Some men see things

Re: [FW-1] sniffers

2007-01-08 Thread Roger P Herr
Or the NEW Ethereal, called Wireshark. Roger Herr WhyNot? Consulting Services 24165 IH 10 West Suite 217-183 San Antonio, Texas 78257 210-860-3990 Some men see things as they are and say why? I dream things that never were and say Why Not?

Re: [FW-1] SNMP-READ Dropped on Rule 0, no error message!

2006-12-08 Thread Roger P Herr
I believe that the SNMP-READ drops are caused by someone attempting to do an SNMP set. Roger Herr WhyNot? Consulting Services 24165 IH 10 West Suite 217-183 San Antonio, Texas 78257 210-860-3990 Some men see things as they are and say why? I dream things that never were and say Why Not?

[FW-1] Edge Boxes

2006-12-07 Thread Roger P Herr
Can anti-spoofing be configured on an Edge box so they do not show up in Smart Defense? Roger Herr WhyNot? Consulting Services 24165 IH 10 West Suite 217-183 San Antonio, Texas 78257 210-860-3990 Some men see things as they are and say why? I dream things that never were and say Why Not?

Re: [FW-1] RE : [FW-1] searching several log files

2006-11-02 Thread Roger P Herr
The command would be fw log. Roger Herr WhyNot? Consulting Services 24165 IH 10 West Suite 217-183 San Antonio, Texas 78257 210-860-3990 Some men see things as they are and say why? I dream things that never were and say Why Not? -Robert F.

Re: [FW-1] Problem to access the owa using User Author

2006-07-17 Thread Roger P Herr
Edit the User Authority and accept any HTTP server OR go to the Global Properties -- Firewall Properties -- Security Servers and identify the acceptable Web Sites Roger Herr WhyNot? Consulting Services 24165 IH 10 West Suite 217-183 San Antonio, Texas 78257 210-860-3990 Some men see things as

Re: [FW-1] VMWare...

2006-06-17 Thread Roger P Herr
Well Jason, Checkpoint has a VMWare appliance available from both their web site as well as VMWare's. This appliance is not meant to be a production product but is supported for testing. Roger Herr WhyNot? Consulting Services 24165 IH 10 West Suite 217-183 San Antonio, Texas 78257

Re: [FW-1] export log question

2006-02-01 Thread Roger P Herr
Once the file is rolled you can copy it (and its pointers) anywhere you want for further processing. True, SCS can not use it, but other scripts could. On *nix, create a symbolic link for $FWDIR/log to wherever the logs should be. On Windows create a new registry a new string value of

Re: [FW-1] fwparp.exe

2006-01-25 Thread Roger P Herr
Send your email address to [EMAIL PROTECTED] and I will send you fwparp.zip Roger Herr WhyNot? Consulting Services 24165 IH 10 West Suite 217-183 San Antonio, Texas 78257 210-860-3990 Some men see things as they are and say why? I dream things that never were and say Why Not?

Re: [FW-1] Redirect of HTTP traffic

2006-01-04 Thread Roger P Herr
HTTP URI Resource object that has the 69.50.160.0/19 address in the wildcard field of the Match tab and the new address in the redirect field of the action tab. Then create a rule with resource and action reject. Roger Herr WhyNot? Consulting Services 24165 IH 10 West Suite 217-183 San

Re: [FW-1] Block Networks by country

2006-01-02 Thread Roger P Herr
Create a dynamic object (network object) and use the dynamic_objects command line utility to put in the CIDR blocks of the countries you want to block. Create a rule (like rule 1) that has this dynamic object as the source and drop as action, maybe even log them if you want to see how much traffic
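The dynamic_objects step above, as an added example that is my own script and not code from the list or from Check Point: dynamic_objects takes address ranges (a from address and a to address) rather than prefixes, so each CIDR block is converted to its first and last address before the command is emitted. It assumes the utility syntax as I recall it from the Check Point CLI guide (-n NAME creates the object, -o NAME -r FROM TO -a adds a range; check your version's reference), that a dynamic object with the same name exists in SmartDashboard for the rule to reference, and that the commands are run on the gateway in expert mode. The two prefixes at the bottom are constructed documentation addresses standing in for a real country allocation list.

```bash
#!/bin/bash
# Added example, not from the mailing list: populate a Check Point dynamic object
# from CIDR blocks. dynamic_objects takes address ranges (from to), so each CIDR
# is converted first. Assumed syntax: dynamic_objects -n NAME creates the object,
# dynamic_objects -o NAME -r FROM TO -a adds a range to it (check your CLI guide).

ip2int() {                       # dotted quad -> 32-bit integer
    local IFS=. a b c d
    read -r a b c d <<<"$1"
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

int2ip() {                       # 32-bit integer -> dotted quad
    local n=$1
    echo "$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))"
}

# cidr_range 203.0.113.0/24 -> "203.0.113.0 203.0.113.255"
# Host bits in the input are masked off, so 10.1.2.3/8 yields 10.0.0.0 10.255.255.255.
cidr_range() {
    local net=${1%/*} bits=${1#*/} mask base
    [[ $1 == */* && $bits =~ ^[0-9]+$ ]] && (( bits <= 32 )) \
        || { echo "bad CIDR: $1" >&2; return 1; }
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    base=$(( $(ip2int "$net") & mask ))
    echo "$(int2ip "$base") $(int2ip $(( base | (~mask & 0xFFFFFFFF) )))"
}

# Print the dynamic_objects commands for NAME and the given CIDRs (one per arg).
# Stops and returns 1 at the first malformed CIDR.
dynobj_cmds() {
    local name=$1 cidr range
    shift
    echo "dynamic_objects -n $name"
    for cidr in "$@"; do
        range=$(cidr_range "$cidr") || return 1
        echo "dynamic_objects -o $name -r $range -a"
    done
}

# Constructed sample: two documentation prefixes standing in for a country list.
# Once the output looks right, pipe it into sh on the gateway: dynobj_cmds ... | sh
dynobj_cmds blocked_countries 203.0.113.0/24 198.51.100.64/26
```

Review the printed commands before piping them into a shell; a typo in the object name silently populates an object the rulebase never references, and the rule then matches nothing.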

Re: [FW-1] NATting, objects and DMZ's

2005-12-29 Thread Roger P Herr
Create a manual no-NAT rule. That would be: Original Packet: Source Address - Internal, Destination Address - DMZ; Translated Packet: Source Address - Original, Destination Address - Original. Roger Herr WhyNot? Consulting Services 24165 IH 10 West Suite 217-183 San Antonio, Texas 78257 210-860-3990

Re: [FW-1] monitoring various aspects of fw-1 ngx R60 (redundant) on SPLAT

2005-12-06 Thread Roger P Herr
Tom I believe it can be configured on the Cluster Object in the ClusterXL tab as the Fail-Over Tracking. Roger Herr WhyNot? Consulting Services 24165 IH 10 West Suite 217-183 San Antonio, Texas 78257 210-860-3990 Some men see things as they are and say why? I dream things that never were and

Re: [FW-1] CCP broadcasts

2005-11-24 Thread Roger P Herr
It appears that the new - requires tech support contract is required for this SK. I am just a lowly CheckPoint instructor who would like to have the knowledge and no need for a tech support contract. Could someone provide me with the information or possibly a copy of sk23208. Thanks Roger

Re: [FW-1] how to delete a flow from connection table?

2005-10-30 Thread Roger P Herr
Use the fw sam command and -t 1, which will block the sender for 1 second, forcing it off line and a need to re-connect: fw sam -t 1 -i src xxx.xxx.xxx.xxx Roger Herr WhyNot? Consulting Services 24165 IH 10 West Suite 217-183 San Antonio, Texas 78257 210-860-3990 Some men see things as they are
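The two fw sam uses on this page (the subsrv block from the 2007-05-03 message and the one-second kick above), as an added example that is my own wrapper and not code from the list or from Check Point: it checks the addresses, masks, port and protocol before building the command line, so a mistyped mask fails loudly instead of turning into a much wider block than intended. It assumes the fw sam syntax shown in the thread, that the real fw binary is on PATH when SAM_DRY_RUN is unset, and, if I recall the CLI reference correctly, that -i inhibits new matching connections while the capital -I also closes existing ones and -D cancels all inhibit requests; verify those flags against your version's guide before relying on -i alone to tear down an established flow. The addresses at the bottom are constructed sample input.

```bash
#!/bin/bash
# Added example, not from the mailing list: validate the arguments before handing
# them to Check Point's `fw sam`, then build the exact command lines used in the
# thread. Only argument building happens here; run_sam executes the result unless
# SAM_DRY_RUN is set, so the script can be tried off a gateway.

is_ipv4() {                      # four dotted octets, each 0..255
    local ip=$1 o IFS=.
    [[ $ip =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]] || return 1
    for o in $ip; do
        (( 10#$o <= 255 )) || return 1   # 10# so a leading zero is not read as octal
    done
    return 0
}

# Inhibit src/netmask -> dst/netmask on one service for SECS seconds
# (the subsrv criteria form from the 2007-05-03 message). Prints the command.
sam_subsrv_cmd() {
    local secs=$1 src=$2 smask=$3 dst=$4 dmask=$5 svc=$6 proto=$7 a
    [[ $secs =~ ^[0-9]+$ ]] || { echo "timeout must be seconds: $secs" >&2; return 1; }
    for a in "$src" "$smask" "$dst" "$dmask"; do
        is_ipv4 "$a" || { echo "bad address or mask: $a" >&2; return 1; }
    done
    [[ $svc =~ ^[0-9]+$ ]] && (( svc <= 65535 )) || { echo "bad port: $svc" >&2; return 1; }
    case $proto in
        tcp|udp) ;;
        *) echo "protocol must be tcp or udp" >&2; return 1 ;;
    esac
    echo "fw sam -t $secs -i subsrv $src $smask $dst $dmask $svc $proto"
}

# One-second inhibit on a source, the "force it to reconnect" trick from the
# 2005-10-30 message. ACTION defaults to -i as posted; -I (assumed: inhibit and
# close existing matching connections) is the variant to use for live flows.
sam_kick_src_cmd() {
    local src=$1 action=${2:--i}
    is_ipv4 "$src" || { echo "bad address: $src" >&2; return 1; }
    case $action in
        -i|-I|-j|-J) ;;
        *) echo "action must be one of -i -I -j -J" >&2; return 1 ;;
    esac
    echo "fw sam -t 1 $action src $src"
}

run_sam() {                      # echo with SAM_DRY_RUN set, otherwise execute
    if [ -n "$SAM_DRY_RUN" ]; then echo "$*"; else $*; fi
}

# Constructed usage (dry run): block SSH from one host to a subnet for an hour,
# then kick one source. `fw sam -D` (assumed) cancels all inhibit requests.
SAM_DRY_RUN=1
run_sam "$(sam_subsrv_cmd 3600 192.168.1.1 255.255.255.255 172.16.1.0 255.255.255.0 22 tcp)"
run_sam "$(sam_kick_src_cmd 10.0.0.42)"
```

Keep the timeout on every block: a SAM rule entered without -t stays until it is cancelled, and a forgotten one is a common reason a host "mysteriously" cannot reach a subnet weeks later.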

Re: [FW-1] HTTPS with Web Intelligence

2005-07-08 Thread Roger P Herr
Check into www.modsecurity.org for HTTPS security Roger Herr WhyNot? Consulting Services 24165 IH 10 West Suite 217-183 San Antonio, Texas 78257 210-860-3990 Some men see things as they are and say why? I dream things that never were and say Why Not?

[FW-1] ICA HTTPS port number....

2005-06-23 Thread Roger P Herr
I know there is a port number for HTTPS on the Management Server to access the ICA, but for the life of me I can not remember it nor find it in any of the documentation I have at hand. Could someone please provide me that information? Roger Herr

Re: [FW-1] corrupt file?

2005-04-19 Thread Roger P Herr
I did notice that they are all FP3 and not NG-AI courseware. Also that the CCSA had the wrong diagrams in about half of the manual. Roger Herr WhyNot? Consulting Services 24165 IH 10 West Suite 217-183 San Antonio, Texas 78257 210-860-3990 Some men see things as they are and say why? I dream

Re: [FW-1] Windows COM+ communication

2005-04-08 Thread Roger P Herr
If you look at the server properties with the Object List window you will see a column that says match to Any. The protocols that are marked No do not match for any, this also includes X11. Roger Herr WhyNot? Consulting Services 24165 IH 10 West Suite 217-183 San Antonio, Texas 78257 210-860-3990

Re: [FW-1] Rules tidy

2005-01-20 Thread Roger P Herr
Rules are matched according to 4-tuple as follows: protocol type (so limit rules with more than one protocol, split them up); service (limit number of services in a rule, any is inefficient, basically being a list of all services first); destination (limit number of destinations in a single

Re: [FW-1] HA - high traffic on port 8116

2005-01-07 Thread Roger P Herr
Actually, I believe you are both correct and incorrect. I believe it is used to check the state of HA members on all interfaces and for sync on the sync network. Roger Herr WhyNot? Consulting Services 24165 IH 10 West Suite 217-183 San Antonio, Texas 78257 210-860-3990 Some men see things as they

Re: [FW-1] conceptual question regarding HA

2004-12-08 Thread Roger P Herr
Am I missing something. Everyone has been mentioning IPSO and Cluster XL in the same sentence. I thought that on an IPSO platform you used VRRP for HA and IP Clustering for LoadSharing and Cluster XL was for HA and LoadSharing on a non-IPSO platform like SPLAT or Solaris, etc? Roger Herr -

Re: [FW-1] Network NAT question is this possible?

2004-12-03 Thread Roger P Herr
You can do an automatic static NAT on the Network Object. Roger Herr WhyNot? Consulting Services 24165 IH 10 West Suite 217-183 San Antonio, Texas 78257 210-860-3990 Some men see things as they are and say why? I dream things that never were and say Why Not?

[FW-1] HA Cluster XL

2004-11-16 Thread Roger P Herr
How would one generate an SNMP trap when the Active/Active goes down, outside of having the OS generate the trap. In other words, can the SmartCenter Server (R54 or R55) generate traps when the HA Cluster XL does the switch over? Roger Herr WhyNot? Consulting Services 24165 IH 10 West Suite