The release notes say R55W is not compatible with Floodgate. Supposedly this
will change in the next major relase of the product, whenever that will be.
Ray
From: Mateo Cabrera [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject
when you run it, even if
it's not.
Ray
From: Joao Santos [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] VPN problem
Date: Mon, 6 Sep 2004 09:47:11 -0300
Hi all.
I have a fw-1 NG FP3 running on nokia IP350. I'm trying to use
Unfortunately it's the one thing stopping me from going to R55W. I'm
confident Check Point will be able to lremove that restriction in the next
major release.
Ray
From: Mateo Cabrera [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED
And make sure you're not accepting DNS queries on an implied rule.
Ray
From: Matthias Leu [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Split/Encrypted DNS
Date: Tue, 7 Sep 2004 17:31:00 +0200
Alan Baker wrote:
Hi
are
selectable.
Anybody know how to make these selectabe for the order processed?
Tanks,
Ray
_
Dont just search. Find. Check out the new MSN Search!
http://search.msn.click-url.com/go/onm00200636ave/direct/01
. An FAQ said it has to
come from Check Point.
Ray
From: Russell Aspinwall [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Edge X firmware upgrade
Date: Thu, 9 Sep 2004 07:13:57 +0100
I have been trying to upgrade firmware
Ray
From: Shelton, Raymond A. [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Edge X firmware upgrade
Date: Thu, 9 Sep 2004 09:00:13 -0500
I find this goes well with bacon.
-Original Message-
From: Mailing list
Do you have disable NAT in the community checked in VPN Manager? When you
set up the Edge object, did you click the Topology section and change it
from the gateway to the network object you set up for the Edge internal
network? I missed this one.
Ray
From: Claudia Cordova [EMAIL PROTECTED]
Reply
disk space, account group membership, etc.
It's not quite free, but at $700 US to monitor an unlimited number of
servers, it's pretty close.
Ray
From: Sascha Picchiantano [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] VPN
station, so it should work on a SPLAT box.
Ray
From: Alan Choyna [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] SmartDashboard R55 keeps timing out, and VPN connect.
Date: Fri, 17 Sep 2004 07:44:51 -0500
We're just built
?
Does the firewall have a route so it knows what to do with the 10. network
traffic?
Ray
From: Lyle Dove [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Hub Mode
Date: Wed, 22 Sep 2004 11:40:50 -0700
Hello all,
I'm having
I believe SecureClient requires a paid-for license regardless of whether
Check Point is enforcing it technically or not.
Ray
From: Ramakrishnan Pillai [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Office Mode
to Internet sites when connected in by SecureClient.
Since you don't have any desktop rules blocking anything, this leaves
routing as the prime suspect.
Are you using Office Mode? If not, what would the IP range be for the source
of the hub mode packets leavingthe firewall how are they routed back?
Ray
http://www.checkpoint.com/techsupport/hfa.html
Check Point recommends the following customers install HFA_09:
Customers running HFA_07 or below
Customers running HFA_08 that will benefit from the latest resolved
issues
It's nice to see this kind of specific gudelines in the release notes.
Ray
? Is ti on a DMZ?
Ray
From: Sascha Picchiantano [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] WindowsUpdate fails after last SmartDefense Update
Date: Fri, 24 Sep 2004 11:48:46 +0200
Hi,
the subject basically says it all
The only thing you have to make sure is that your internal routers know to
send traffic destined for the Office Mode range to your gateway. If your
default route is to send everything at the gateway, you're already covered.
Ray
From: Joe Pope [EMAIL PROTECTED]
Reply-To: Mailing list for discussion
to see what's going
through the VPN.
Ray
From: Stewart Williams [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Citrix through Edge VPN
Date: Fri, 24 Sep 2004 12:55:26 -0400
I have read about a number of Citrix issues through
the Office Mode IP Pool in your encryption domain.
We do. It allows SecureClient-to-SecureClient connections (think VoIP or
NetMeeting).
Ray
From: Jean-Francois Gobin [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Another
Well, live and learn. Thanks for the clarification. Do you mean the accept
all encrypted traffic check box? I've never used that for some reason, but
I ferget why.
Ray
From: Stewart Williams [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL
Floodgate.
Ray
From: Raymond N [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] what is NG AI R55W
Date: Fri, 24 Sep 2004 11:24:17 -0700
I know what is NG AI R55, but what is the 'R55W'? Is this a newer version
mean.
Ray
_
Dont just search. Find. Check out the new MSN Search!
http://search.msn.click-url.com/go/onm00200636ave/direct/01/
=
To set vacation, Out-Of-Office, or away messages,
send
And what version of SecureClient and what OS on the client?
Ray
From: Jeremy Lieb [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Another.Another. Another NAT question
(SecuRemote)
Date: Fri, 24 Sep 2004 21
boot
the computer while inside the company, shut down, go home, and start the
computer while the same internal NIC is still installed, you're dead in the
water unless you remove the internal NIC or release the IP address that you
will not see as in use. Windows 2000 XP don't have this issue.
Ray
From
Each one has its own Monitor Only check box if that option is available.
They have the OpenSSL SmartDefense object stuck under VPN Protocols or
something like that. It's not in Web as you might expect.
Ray
From: Sascha Picchiantano [EMAIL PROTECTED]
Reply-To: Mailing list for discussion
gets logged on something like rule number 9080.
Ray
From: Ray [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] WindowsUpdate fails after last SmartDefense Update
Date: Sat, 25 Sep 2004 12:37:55 -0400
Each one has its
to look at picking up a few licenses of SecureClient for
them. You can assign each of them a specific Office Mode IP address tied to
their ID via the ipassignment.conf file and then grant access to just those
Office Mode IP addresses. A bit more expensive but far safer.
Ray
From: Sascha Picchiantano
I'm not sure where you're looking, but PocketPC 2002 and 2003 clients can be
found here: http://www.checkpoint.com/techsupport/downloads_sr.html
Yes, SecureClient will act like SecuRemote if you do not have SecureClient
licenses.
Ray
From: Joao Santos [EMAIL PROTECTED]
Reply-To: Mailing list
256 is very, very small. In fact you'll probably finding yourself increasing
it to around 4096. At 2048 we were dropping many web sites where they have
been customized for the end user (my.website.com types) because the
pesonalized login is obscured in a very long URL.
Ray
From: Dahl-Stamnes Jørn
it raises are still
valid particularly if upgrades were performed from an earlier version to the
current versions.
Ray
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist
an earlier version to the
current versions.
Ray
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=
To unsubscribe
I don't know about exploits but we've only seen one IP address blocked via
rule 9080, so at least it isn't false posiive crazy.
Ray
From: Philipp Müller [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] JPEG/GDI+ DLL
to
accept the remore access traffic.
If I'm thinking correctly this morning, that is. :-)
Ray
From: Steve Loughran [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] LAN-2-LAN IPSEC inside IPSEC VPN?
Date: Thu, 30 Sep 2004 08:06
It's od, isn't it? You're required to purchase a SmartDefense license for
each gateway but if you only have one license because you only need it on
one, it applies itself to all of them.
Ray
From: Jim Grant [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED
did you define the
topology for the internal interface? It should be a network group object
that has the two individual networks in the group.
Ray
From: theG man [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] HIDE nat
Gotcha. I didn't understand this had been working previously.
Ray
From: theG man [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] HIDE nat problem
Date: Sun, 3 Oct 2004 19:23:08 -0700
to answer your questions, we have
If you're running R55 HFA05 through HFA08 on the gateway and SmartView
Tracker is showing a VPN Error Code 03, this problem is fixed in HFA09.
It's also fixed by simply waiting fifteen minutes or longer from the time
of the disconnect before trying to reconnect.
Ray
From: Fischer, Jürgen, 3414
by
SecureCLient.
Ray
From: Brian Hope [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] SecureClient VPN not able to traverse site to site vpns
Date: Thu, 7 Oct 2004 10:22:04 -0400
I connect my workstation via the SecureClient VPN
Thanks for the kind words, Sal.
It looks like I'm going to have to start using HotMail's spell checker,
though. :-)
Take care,
Ray
From: Previtera, Sal [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] SecureClient VPN
To us, definitely.
Ray
From: John Lindblom [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] SmartDefense
Date: Fri, 8 Oct 2004 07:25:05 -0500
There has been some talk recently about SmartDefence on the list
and try a simple telnet to the box across the tunnel.
Attacker will tell you the source IP without you having to install a
sniffer.
FWIW,
Ray
From: Kingsley Chu [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Site
On the Check Point software subscription download site.
Ray
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
will happen if you run through a proxy server that requires
credentials, because there's no way to input credentials into SmartDefense.
I had to set a rule to allow the SmartCenter box to bypass the proxy server.
Ray
From: Tom Stala [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
Is the 207. firewall the main firewall or the new remote office firewall?
Is this a hub and spoke community or a mesh community? Or traditional?
Ray
From: Ryan Worthington [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1
Hi Ryan,
I suppose we need to back up a step. What version and service pack (HFA) are
you using for Firewall-1 and for SecuRemote?
Ray
From: Ryan Worthington [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Cannot
since you're
controlling them with your own rules.
Ray
From: Ware, Larry [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] log unification error, etc.
Date: Thu, 21 Oct 2004 11:10:35 -0400
Anyone know what this means
Don't know about that, but I can tell you it doesn't work for me from home
and my Sygate laptop firewall said it was trying to go to the Internet
directly from my laptop.
Must be broked...
Ray
From: Stala [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED
SmartDefense drops are logged on high number pseudo rules. Look at All
Records and filter on Rule Number greater than your highest rule number
Ray
From: Tom Stala [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Smart
Sorry, I'm not familiar with that version at all. I mistakenly assumed you
were on a current version. The build number is the 4.1 equivalent of the
HFA. Perhaps spmeone else here can help you,
Ray
From: Ryan Worthington [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL
SmartView Monitor can show you actual throughput.
Ray
From: Edouard Manuel Zorrilla Calancha [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Measuring throughtput from Nokia Machine
Date: Thu, 21 Oct 2004 17:43:33 -0500
We have never been able to get a DLink router 600 series to work with
SecuRemote/SecureClient. The 714 model and Linksys models worked instantly.
A message I found said that setting the MTU on the DLink to 1000 helped them
make it work, for whatever that's worth.
Ray
From: Chanoine [EMAIL
Hi Igor,
Could you post the full text of this alert? Our company blocks web sites
ending in .ru ...
Thanks,
Ray
From: Igor U.Miturin [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Bypassing client application protection
What's the event log say? Is FW-1 4.1 Backward Compatibility installed on
that box? It's currently required for Edge management because the Edge
firmware is part 4.1 and part NG.
Ray
From: Joe Pope [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL
Windows client variations, such as SecuRemote
and 4.1 cannot now be used to bypass the SCV checks.
Ray
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
bumped up to HFA11.
Ray
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=
To unsubscribe from this mailing
What versions are you running? I've read a lot of messages here about FTP
problems but we have never had an issue under R55 and we have a lot of it
going on.
Ray
From: KEVIN LOVEGROVE [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED
Do you mean because of the lack of 3.8 support? That's kind of expected
until the two companies figure out the direction, I think.
Ray
From: [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] SSL Network Extender now
To elaborate, the R56 client requires that a certificate be installed on the
Edge box.
http://sofaware.infopop.cc/eve/ubb.x?a=tpcs=5006072361f=2406072361m=2301067841
Scroll down to an Oct. 21st posting by Ilana.
Ray
From: Oscar Aviles Sandoval [EMAIL PROTECTED]
Reply-To: Mailing list
The Current Hot Fix Accumulators page still shows HFA 09 but when you click
a link it brings up HFA 11.
Ray
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist
for R56 or whatever the next version will be called because it
should be fairly soon. R55 came out about a year ago, I believe.
Ray
From: Costaras Steve - stcost [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] [SPAM] [FW
, but it sure looks like it
did.
Thanks,
Ray
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=
To unsubscribe from
setup. When we were remote, the proxy
couldn't be found, so we had to manually enter the default DNS domain
(primary DNS suffix) on each computer. In Computer Name, click Properties
and More, as I recall, to get there.
Ray
From: Kalpesh Patel [EMAIL PROTECTED]
Reply-To: Mailing list for discussion
, and
all of the file server copies were fine after the MTU decrease.
You might want to repost your question at www.sofaware.com in their
Discussion Groups as that group seems to be more small business-based, so
you may get additional responses that could help you.
Ray
From: Peter Goodridge [EMAIL
Very odd. i got this precise error today as well. I had taken the management
station from HFA08 to HFA11 a wek ago and needed to do a cpstop/cpstart and
that's when it occurred. It did restart from smsstart but I never had this
happen on HFA08 on Windows 2000.
Ray
Event Type: Information
Event
hints,
Ray
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=
To unsubscribe from this mailing list,
please see
some site without any understanding of the underlying
issues. The auditors will then have to quantify the risk versus the dollars
and disruption.
Ray
From: Erik Widholm [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1
this:
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/sitetositeipsec.mspx
should be the page.
Ray
From: Rachel Graves [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] ISA - FW1 (VPN)
Date: Fri, 26 Nov 2004 10:21:31
inspect connections handled by flows.
Ray
From: Dirk Udo [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Floodgate -- TCP sequence verifier
Date: Tue, 30 Nov 2004 09:02:00 +0100
Hi all,
After installing R55 hfa11 on w2000 I
Sure, isn't that how it's supposed to work? The internal DNS is a superset
of the external DNS.
Why is this a problem for you, Gary?
Ray
From: Gary Scott [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] split DNS
performace-wise.
Ray
From: Brad Pinkston [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] SmartView Reporter
Date: Wed, 1 Dec 2004 10:19:04 -0600
I apologize up front if this turns into a simple answer. My Checkpoint
setup
Gotcha. We require a proxy for all Internet access and the people using
remote access must use it as well. The proxy resolves all DNS requests on
behalf of the client, so that's never been an issue for us.
Ray
From: Gary Scott [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
initially and we all know what a bad idea that can be.
Ray
From: Gary Scott [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] split DNS with office mode
Date: Thu, 2 Dec 2004 09:00:49 -0500
Ray,
There is another problem
I beta tested the R56 version because we had issues with the R55 version
pulling the logs reliably. Once they got our issue duplicated and resolved,
this thing hasn't missed a beat. When you go into management, look at Log
Consolidation and it will show you if it's working and how fast.
Ray
From
consolidation
job, choose custom and one of the selections lets you pick the starting
file. That way it will process all of your switched logs before moving on to
fw.log.
It did 30 days of logs for me in less than half a day so I now never se it
off fw.log either.
Ray
From: Brad Pinkston [EMAIL PROTECTED
The R56 version has a database size of around 20 GB with an automatic
maintenance feature. You can set the thresholds and the default is to remove
records or whatever at 80% of full.
Ray
From: Previtera, Sal [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED
of the cost and
use it as a spare. It also has built-in failover to a second Edge if you so
desire. Once it's configured, you can save the config to a text file.
Restore the text file and you have restored the entire config.
FWIW,
Ray
=
To set vacation, Out
and it's blazingly fast in generating
reports.
Ray
From: Previtera, Sal [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] SmartView Reporter
Date: Fri, 3 Dec 2004 08:01:35 -0600
Sorry Ray,
My production server
communities.
Any help would be appreciated.
Thanks,
Ray
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
for 4.5.64.
Ray
From: Jake Hildreth [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Maintaining tunnel.
Date: Mon, 6 Dec 2004 13:47:20 -0500
Hi folks,
I've got a R55 HFA09 Express box on Splat in a main office with an Edge X16
HFA01 for R55W
HFA12 for R55
HFA01 for Connectra 1.1
Ray
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
the
enforcement module or you risk not being abl to manage it any more.
No, no archive I know of other than the release notes.
Ray
From: [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW
Did you delete the old site in Securemote and recreate it for the new
gateway?
Ray
From: Dennis Pham [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] unable to VPN after
Hmmm, my userc.c gets overwritten on each login, but I have my topology
updates set to occur every hour. What's yours set at?
Ray
From: Dennis Pham [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST
Are you positive it's not dropping you as a spoof?
Ray
From: Robert Fowler [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Failed to match proposal
Date: Wed, 22 Dec 2004
Hi Peter,
There were a ton of Edge fixes around HFA07. Due to the ASN.1 issue, you
really need to get the gateway at HFA09 at least first. Then see if you
still have a problem.
Ray
From: Peter Goodridge [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST
is not included in service - any so you have tyo define it
explicitly. Make sure you allow back connections for SecureClient as well.
Using SecureClient R55 HFA03 and Office Mode.
Ray
From: Alan Baker [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST
not?
Thanks for your thoughts,
Ray
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=
To unsubscribe from
Nothing earth-shattering in the release notes although it does add
non-English languages in the GUI.
http://www.checkpoint.com/techsupport/downloads_sr.html
Ray
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED
my OM address. I do use certificate authentication if that
matters.
Is anyone else having any issues with this new version?
Thanks,
Ray
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add
You need to use the VPN-1 filter, not the SecureClient filter, and also
filter on the Remote Access community. The SecureClient filter just seems
to show Alert entries from the Desktop Security policy.
Ray
From: Patrick Marquetecken [EMAIL PROTECTED]
Reply-To: Mailing list for discussion
the issues
we had with the site-to-site VPN latency was due to bandwidth-stealing.
We've got a pair of T-1's.
We just installed the packages during the initial installation of the boxes
and began to use it. Be aware that it is not compatible with the W version
of R55.
Ray
From: Mehmood Zafar/MAXIMUS
that the
computer aleady knows as local,, SecureClient will not work properly.
The fix is to teach your end users to release their IP address using
winipcfg/ipconfig before connecting up at home (or before leaving the
office).
Windows 2000 and Windows XP do not have this problem.
Ray
From: Hermans Michel
SecureClient's Office Mode would do it. Trying to use NAT rules to fake out
the distant network as having a different IP space will get messy from a
name resolution standpoint, unless you're only hitting one or two hosts.
Ray
From: Robert Fowler [EMAIL PROTECTED]
Reply-To: Mailing list
.
The poloicy and log consolidator stuff has been removed from Dashboard and
incorporated into the R56 SmartConsole client. You now make all of your
settings there.
Ray
From: Andrey Maluck [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Go over to
http://www.checkpoint.com/logins/smartDefense.jsp?redirect=/defense/advisories/protected/scv/index.html
and log into your User Center account. The first link is titled Checks for
installation of Service Pack 2 for XP and has the syntax you will need.
Ray
From: Sebastian Kinnaird [EMAIL
it manifests itself as a tunnel test failure only. We've also had cheapo
home routers where Visitor Mode worked but straight IPSec would not.
If you're running Nokia, make sure you configure Voyager to use a port other
than 443 before you implement it. :-)
Ray
From: Stephen W. Stewart [EMAIL PROTECTED
I believe Symantec, McAfee and Trend at least. if you have Symantec v9, it
comes with a program called VPN Sentry. This is, astoundingly enough, an SCV
plugin that works on v7, 8 or 9 and gives a whole lot more capability than
the built-in checks.
Don't know about the password, though.
Ray
From
, but I would really like to be able to use Virtual Link Monitoring to
watch the tunnels. (hint, hint). :-)
Ray
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist
http://www.sofaware.com/supportDownloads.aspx?boneId=266 for the user Guide
and CLI guide.
Ray
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
a
whole bunch.
Other than that I don't see much use for it.
Ray
From: Chris McGill [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Nokia IPSO Cisco Router
Date: Wed, 19 Jan
Don't know about SecuRemote, but with SecureClient you can set up a Remote
Access Connection Profile on the management station and it will be read-only
on the client.
Ray
From: Nick Rawlins [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST
101 - 200 of 943 matches
Mail list logo
