Hi all,
One of my customer have a VPN with Checkpoint R62 and CiscoASA, phase 1 and 2
negotiation are ok... the tunnel established fine with no errors... but after
several minutes the tunnel go down. The odd thing is that in Checkpoint side i
don´t see any drop packets... in the Cisco side the
Hi, one of my clients have a FW1 R62 on IPSO 4 with SecureXL, they´re using an
internal software running on port 1527 (TCP) with a oracle db. The problem we
have is that after 10 or 15 minutes the connection is lost, with a message:
TCP packet out of state: First packet isn´t SYN tcp_flags:
CheckPoint gw tests tunnel with
tunnel_test protocol.
This is not supported on ASA and maybe this is cause of
problems and
unstale tunnel. Use traditional mode and all will be
working.
Juraj
Miguel Hernandez y Lopez wrote:
Hi all,
One of my customer have a VPN with Checkpoint R62
Hi all, i´m having a problem with a vpn user and is configured as Office Mode
but without the option of download the security policies to the notebook. The
message error is:
service_id: telnet
dst scheme: NA
route status: Routing outside encryption domain not enabled for this client
and the
Howdy all,
Does someone saw thies error?
encryption failure: Cannot identify peer for encrypted connection (VPN error 04)
On CP documentation it seems a problem with the domain encryption, but it´s all
fine. The object of the network is in my domain encryption. Any ideas for this?
thanks in
Hi all,
I´ve a VPN site-to-site, Checkpoint vs Cisco ASA... the support of the Cisco
ASA implemented a keepalive on the tunnel (ipsec-attributes isakmp
keepalive). They´re asking me if i can put this properties in the Checkpoint
FW, but i can´t find any documentation about this.
How can i
Howdy, i´ve Checkpoint NGX R60_HFA06, the main problem is that VoIP calls from
Avaya IP Office 500 don´t work, only works in one direction.
In the Cisco switches we´ve vlans assigned to each subnet, each subnet are in
both Firewall with an ip address of each subnet and vlan. Each IP Phone
:06 AM
Any NAT translation happening between the 2 networks, when
going thru the firewall?
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On
Behalf Of Miguel Hernandez y Lopez
Sent: Monday, November 03, 2008 7:52 AM
To: FW-1
Hi, i´m seeing a lot of this messages on console.log
fwhandle_get(fwconn.c:16068): Table kbufs - Invalid handle 3e45e002 - entry
used for handle 7445e002 with value a2dc9748
fwconn_chain_get_kbuf_buf: Can't get kbuf 3e45e002 at module NAT
fwhandle_get(fwxlate.c:9529): Table kbufs - Invalid
Hi all,
I'm about to start an installation from scratch using VSX R67, which is
the most stable version of SmartCenter to manage the VSX system? CHKP advise
me to use the latest R75.20 version... but in my years of
experience, 'upgrade to latest' will quite frequently lead to new issues
Hi,
My 00.001 cents i prefer Distributed deployment with VRRP
(Active-Passive) on Nokia IP Appliances.
Regards,
Miguel
From: a bv vbavbal...@gmail.com
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Sent: Friday, September 30, 2011 9:48 AM
You need to license the Gateway with the monitoring license.
Regards,
Miguel
From: carlopmart carlopm...@gmail.com
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Sent: Thursday, September 22, 2011 3:49 PM
Subject: [FW-1] Question about monitoring blade
Hi,
For me, R70.40 and R71.40 are the most stable versions... i´m testing R75 and
for now it seems stable too... in my years of experience, 'upgrade to latest'
(R75.20) will quite frequently lead to new issues associated with the new
version that you may not be quite yet prepared.
Hi everyone,
Has anyone recently tried to install the Checkpoint product on
FreeBSD-STABLE? Success? I really prefer Checkpoint running on IPSO
than Splat, but now for this i need an IP Appliance... Splat is based
on Linux and can be installed on OpenServers. My idea is trying to
install
Hi,
Checkpoint IPS Blade is a good product,but you need to consider how much
traffic is passing thru your Firewall and how many signatures from the IPS are
you gonna enable because in a Gateway with a lot of VPN, traffic, etc.. and
having enable a lot of signatures the processing is high. You
Do you modified the name of a Object (host, group, etc..)? this error is
related when you wrote a special character on it, for example: ´ ' ! , etc..
when the fw cant compile the policy with this and get the memory error.
Miguel.
From: a bv
16 matches
Mail list logo