Hi,
After fix some ports, here is what I have put in CP FW1 R55 (HFA12 when
Windows server was put inside DMZ) to allow Windows 2003 Server to discuss
with Active Directory Controllers :
dns
http
Kerberos_v5_TCP
Kerberos_v5_UDP
ntp (because Active Directory Controllers are also my Time servers)
Hi guys,
for a few days now i got two error messages in my SmartView Tracker about every
10 minutes:
- PS: Your Policy Server license is limited to 100 users. Contact your
reseller.
- PS: less than 10 percent license free
I have about 260 SecureClient user. But my reseller said, that this
Hi everyone,
I'm currently testing SecureClient with a Policy Server and Software
Distribution Server (SDS) on the same FW1.
I'm using SecureClient in Office Mode with a IP Pool.
SecureClient have problems to access to SDS Server while it is disconnected.
I see log into SecureClient Diagnostics
Hi David
As everyone has mentioned RPC uses dynamic ports so you'd need to open
135/tcp and at least the ephemeral ports (1024-4999) if not all high ports
above 1024, however this is a bit ugly and turns the firewall into swiss
cheese.
A better alternative would be to let the firewall do
Hi,
I am having checkpoint NGX with simplified VPN. No due to some problem with
NGX when I am trying revert it back to Checkpoint R55 it's giving me
following error.
Files\CheckPoint\NGCMP\conf\GNR_Simpified_NGX_070905.pf, line 26931: ERROR:
mismatch table key length in table vpn_routing
Hi Grp,
We got too often Reason: SIC Protocol Error [ SIC error no. 300 ].
error when we try to load our firewall (SPLAT R55 HFA13) . We figured
that it was because of /etc/hosts file changes. So we correct this hosts
file as it must be. And install the firewall, but the problem continues.
Hi all,
i am trying to setup a vpn for securemote clients. My firewall is a
NGX HF02 under RHEL 3. This firewall is natted by ADSL router. Under
Smartcenter server I have activated UDP encapsulation (NAT traversal)
to establish vpns betwwen natted securemote clients and this firewall.
Well,
No, that is the strange part; nothing is showing up in the logs. The
logs show the connections were accepted, no drops or blocks!
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of
Reinhard Stich
Sent: Thursday, February 16, 2006
ASF aslo runs on linux 7.3 even if we gain shell and do the same it returns
an error maybe if you had access to an ASF you could check..the VPN tu runs
fine otherwise for all other olatforms
Thanks
On 2/17/06, Ramki Security [EMAIL PROTECTED] wrote:
I have tried it on Unix. Not on ASF...Ramki
I currently am running IP700 using IPSO cluster configuration.. We are
moving our production data center and I have run into a major issue.. I
have configured the NOKIA IP350 exactly, as far as I can tell, as the IP700
but I am unable to get to the external network and therefore have been
Hi,
Use gui-dbedit and change this parameter to true:
userc_IKE_NAT
install the policy and it will solve your problem.
cisco4ng
carlopmart [EMAIL PROTECTED] wrote:
Hi all,
i am trying to setup a vpn for securemote clients. My firewall is a
NGX HF02 under RHEL 3. This
Is it possible to register the secureclient hostname with active
directory DNS when using R55. I have been attempting all sorts of things
to get this to work but with no luck. I have the secureclient obtaining
its IP address via Relay from Microsoft's DHCP server and it doesn't
pass the
All:
... maybe a mispost to the checkpoint list, Idunno ...
Checkpoint FW1 v4 (192.168.1.1) won't forward packets to an internal network,
172.16.21.0
route add 172.16.21.0 mask 255.255.255.0 192.168.1.100
the gw of choice ( 192.168.1.100) is an hp9308m switch, altho' I don';t see an
issue
Hi,
WE have a VPN running between ASF 6000 series and another ASF cluster .The
VPN frequently drops and stops functioning from one cluster side to
another(Ping times out) we always see a drop for ESP service and Warning
:IKE replay attack
Appreciate suggestions on resolving the same
The
Hi
Can someone please assist me or point me in the right direction.
I have managed to get all my Nokia firewalls to be polled via snmp Nokia mibs.
however just one pair of firewalls left runing IPSO 3.6, snmpwalk -c string
localhost works fine, however i do this from our HP
I have tried it, but does not work Any ideas?
cisco4ng wrote:
Hi,
Use gui-dbedit and change this parameter to true:
userc_IKE_NAT
install the policy and it will solve your problem.
cisco4ng
*/carlopmart [EMAIL PROTECTED]/* wrote:
Hi all,
i am trying to setup a vpn for
hi,
maybe it's just the new mac-address and you have to clear the
arp-table of the router/switch?
cheers
reinhard
At 14:04 17.02.2006, you wrote:
I currently am running IP700 using IPSO cluster configuration.. We
are moving our production data center and I have run into a major
issue.. I
If changing the userc_IKE_NAT value didn't solve your problem, then I'd
suggest you get an fw monitor and an ike debug from the gateway. With the
ike debug you'll be able to see where in the process IKE fails and why. You
might be able to see from the fw monitor which packet IKE fails with.
1)
There is nothing ouside of voyager that you need to set to get routing to
work.
if you do an fw unloadlocal it removes the default drop everything policy.
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
The client has no way to know what IP you are natting the FW too since
it is natted by a different device. I do not know if this works in NGX
but with 4.1 you can change the IP here... : (VPNHome.isildur
:obj (
:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Better yet check out CP res. sk11682
- -GS
- -Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of chkp
tech
Sent: Friday, February 17, 2006 2:41 PM
To:
I have tried to change private IP published by fw for public router IP
in Userc.C Securemote client config without success. When cient
connects to fw, userc.c is overwritted.
gary, i find this morning this solution from checkpint's website, but
I can not have enterprise acces. Can somebody
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Te res says to add the natted IP to your topology for the FW and enable
dynamic interface resolving for remote VPN clients.
- -GS
- -Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of
Do I need to setup real public IP under fw topology as external
inferface? And on firewall's general tab too? i don't find dynamic
interface resolving option ...
thanks.
Gary Scott wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Te res says to add the natted IP to your topology for
Your reseller is wrong. SecureClient is licensed by total users, not
concurrent users. Seems to me it counts the number of users in the group
that is allowed to logon to the policy server. Do you have 260 in that
group?
Now Connectra, their SSL VPN system, is licensed by concurrent users. The
Hi Fabrice,
The solution is to forget about SDS. It's no longer a part of the system
starting with NGX, probably because Check Point now supplies .MSI files.
You're trying to make something work that you cannot use in the future.
Ray
From: Fabrice BARUTEL [EMAIL PROTECTED]
Reply-To:
26 matches
Mail list logo