I don't know PIX but I believe they call the feature PAT( Port Address
Translation). Might want to look that up.
Ray
From: Seigo Usui [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST
to
change I'm sure, is that they do not plan on discontinuing the AI tests
before the end of the year. This is reasonable to me because there has to be
a transition period.
Ray
From: Seigo Usui [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST
SmartView Monitor is dramatically better.
Ray
From: Sascha Picchiantano [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] So did anyone try NGX yet?
Date
the internal
interface of the other firewall (after you have set up a rule to allow it)?
Ray
From: Adeoba, Adetutu [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re
I don't think that's going to work. When an Edge is managed by SmartCenter,
certificate authentication has to be used. But the PIX requires a shared
secret. In a community, all members must chare the same authentication
scheme, don't they?
Ray
From: Herold Heiko [EMAIL PROTECTED]
Reply
I believe Edge boxes managed by a SmartCenter server must use a certificate
or they can't be managed.
Ray
From: Charalambos Klitiropoulos [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST
internal LAN so we can tell at a glance from the
logs whether the person was remote or not.
--
Change to Office Mode IP address requires firewall reboot
Symptoms: ·After changing Office Mode IP address range, firewall continues
using old IP addresses
ID: sk25859
-
Ray
that
installing it on the SmartCenter box would bring it to a crawl.
Ray
From: Andrey Maluck [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Server
Is that a literal 11 remote users or was that just an example? If it's
really a small number, you can use the ipassignment.conf file. You place a
manual entry in the file for each user ID and the IP address you want them
to get and they only get that IP address.
Ray
From: David Strom [EMAIL
Haven't tried it yet but I remember a KB about how the licensing of SC
changed in NGX. Something about no license needed on the enforcement module
any more or something. A KB search on NGX should turn it up.
Ray
From: Dusko Tubin [EMAIL PROTECTED]
Reply-To: Mailing list for discussion
Hi Russ,
Are you saying you have four of the Edges as managed by SmartCenter and this
fifth one is a compatible device and uses a manually installed certificate?
Are they all in the same VPN Community?
Ray
From: Russell Aspinwall [EMAIL PROTECTED]
Reply-To: Mailing list for discussion
and compare them. They're text
files.
Ray
From: Russell Aspinwall [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Edge X and NGAI R55 HFA-14
Date: Thu
Check the SmartDefense section as well.
Ray
From: Christian Franke [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] SPLAT R55 Domain TCP
Date: Sat
There actually are other files that need updated in that folder as well as
the change you made. The last time I checked, you could go to the Check
Point site and select the Edge firmware section, and the latest version of
the files are there. There's earlier versions elsewhere.
Ray
From
If you click on the SmartDefense link in SmartView Tracker you can see if
there were any drops. There is a DNS section in SmartDefense; you might want
to disable it or set it to Monitor Only if the log shows any drops.
RAy
From: Christian Franke [EMAIL PROTECTED]
Reply-To: Mailing list
After it's installed, you can un-check VPN-1 from the management server
object properties.
Ray
From: Katsumi, Fred [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Posted on support.nokia.com on June 17th.
3.9 is required for NGX, so I'm not sure how Check Point will distribute the
IPSO version of NGX given that they do not currently have it available for
download. From the release notes, 3.9 will not support versions earlier than
NGX.
Ray
Is it the key retrieval that it's croaking or the CRL retrieval? If the
latter, check out sk23586
Ray
From: Kerry Thompson [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST
is bloated, but it can't be that bloated! :-)
Ray
From: Ramakrishnan Pillai [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] about NGX
Date: Sun, 19 Jun 2005
That could be ugly if you can't fix it with a manual NAT rule covering just
this VPN.
Ray
From: Kerry Thompson [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject
, though.
Ray
From: J Jayavenkatesh [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] DNS entry for the VPN gateway
Date: Wed, 22 Jun 2005 14:40:59 +0800
Hi all
18265 and it requires certificate authentication. Article sk30501 has the
procedures. I use that thing a lot now that our first certificates are about
to expire.
Ray
From: Roger P Herr [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST
For an IP40 to download a policy from the SmartCenter server, you must have
that one implied rule that is titled something like accept outgoing packets
from the gateway set to before last.
Ray
From: Brockhoven, Werner [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
that the NGX gateway
itself no longer has SDS functionality. Can anyone clarify this?
MSI packages are now available for installing SecuRemote/SecureClient. I
think this might be the reason SDS is no longer supported since MSI packages
can be pushed by commonly available tools.
Ray
the two Check Point services. They probably would also have to reset
the authentication scheme.
Needless to say, a Restricted User isn't going to be able to do this. And it
lets everyone know how and where to change certain configurations should
they desire to research it.
Ray
From: J
No problem. Other people have helped me a lot, so I just try to return the
favor whan I can.
Ray
From: J Jayavenkatesh [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Sorry, I am familiar with the Edge devices, but not the IP40.
Ray
From: Brockhoven, Werner [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] IP40
and I could time myself on how I was doing. I didn't find the CCSE
practice tests quite as valuable but I used them both and I did pass both
tests on the first try with scores in the high 80's.
Good luck!
Ray
From: Ajay Kumar [EMAIL PROTECTED]
Reply-To: Mailing list for discussion
it was a last minute fix. The
folks at CP did a gret job of troubleshooting the problem for us.
FWIW,
Ray
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
of it, it is impossible to recover the policy and
objects from an enforcement module and rebuild your SmartCenter. I always
run an upgrade_export before I do anything in addition to imaging the
SmartCenter, but mine is not also an enforcement module.
Good luck! (I've never had one go wrong yet).
Ray
gobs of memory, though. I'm running mine on a 2 GHz desktop with 2 GB
of RAM and Windows Server 2000 and it does fine. I certainly wouldn't run
anything else on it, though.
Ray
From: Brian Anderson [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1
Which version of OWA?
Ray
From: Christian Franke [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] NG R55 and Outlook Web Access
Date: Thu, 14 Jul 2005
firewall is only handling web traffic.
I can tell you that SmartDefense's Web Intelligence stops a lot of stuff and
will only get better.
So the answer, once again, is that it depends on your particular needs. :-)
Ray
From: Emily Conrad [EMAIL PROTECTED]
Reply-To: Mailing list for discussion
=507846
HTH,
Ray
From: James Po [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Nokia IPSO 350 Disk Crash
Date: Mon, 1 Aug 2005 16:07:12 +0100
Hi,
We
Just note that if an existing connection is now dropped by the new policy,
it won't drop anymore. New ones won't be allowed, however.
If you're trying to kill an active connection, you'll have to do it from the
Active tab in SmartView Tracker.
Ray
From: cisco4ng [EMAIL PROTECTED]
Reply
, but oh, well.
Ray
From: Dave Row [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Aventail SSL VPN dropped on rule 99443 as malformed SSL
packet
Date: Fri, 12
Any chance you'll ever open a branch government near Cleveland, Ohio? :-)
Hopefully,
Ray
From: Mears, Shane [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject
R55W
The intention of this guide is to provide system administrators with an
understanding
about the implication of each protection when installing a policy on
previous releases
(in other words, backwards compatibility)
FWIW,
Ray
From: Thorsten Behrens [EMAIL PROTECTED]
Reply-To: Mailing
titled
Backwards Compatibility and Cross Protections and is dated 01-apr-2005.
Ray
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Ray
Sent: Wednesday, August 17, 2005 5:27 PM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Any drops on rule 995 or 997? If so, see
Active Directory Replication fails through VPN-1/FireWall-1 NG with
Application Intelligence R55 after installing Windows 2003 Service Pack 1
Solution ID: #sk30784
It's got to do with a DCE-RPC issue and doesn't mention SmartDefense.
Ray
From: Tony
Ugh, that'snot good. I did that update just before going home and pushed the
policy OK, though.
Ray
From: Mick Toothaker [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST
but it doesn't. In any event, on the few times I've needed to see what an
Expert article said, I just called their support line and it was emailed
out or read to me over the phone.
Ray
From: no-need to-list [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1
Starting with SecureClient NG FPsomething (I thought it was 2 but maybe it
was 3), unauthenticated topology downloads are no longer supported and
only IKE is supported, not FWZ. Do either of these sound like the issue?
Ray
From: Michael S. Hobbs [EMAIL PROTECTED]
Reply-To: Mailing list
.
Ray
This may violate checkpoint licensing agreement but what the hell.
Checkpoint software is
overprice anyway so this makes sense.
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email
if this is something broken in Office Mode Hub Mode or
whether its just a display oddity?
Thanks,
Ray
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
Dang, Martin. Good catch. That's precisely what it was. I had dropped
numerous routes out of my border router to reduce some of the scanning and
the Office Mode pool was one of them, and it was the only network object I
had that wasn't configured for Hide NAT.
Thank you very much!
Ray
automagically.
Ray
From: Sean Donaghey/HDGH [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Hide NAT Issues
Date: Wed, 24 Aug 2005 22:05:31 -0400
Hi,
I
. They said they were using an
encrypted cookie and that was what was causing the problem. They changed it
so it only used ASCII and the site cleaned right up.
Ray
From: Diego F. Lastra S. [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST
Ahhh, Microsoft, no wonder. :-)
What version of FW-1 are you on? I can set that binary feature off on R55.
Ray
From: Diego F. Lastra S. [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST
IP, does it give any clues?
Ray
From: Adam Maxwell [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] FTP Client issue
Date: Tue, 30 Aug 2005 13:45:34
SmartDashboard
SmartDefense tab
Application Intelligence
Web
HTTP Protocol Inspection
ASCII Only Request Headers - if it's checked, you will drop binary in
headers.
Also see ASII Only Response Headers
Ray
From: Diego F. Lastra S. [EMAIL PROTECTED]
Reply-To: Mailing list for discussion
through both remote access and site-to-site
VPNs.
Ray
From: Dave Row [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Outlook/Exchange through FW-1 NG
I echo the other comments. SecureClient with its built-in firewall and
Secure Configuration Verification checks, although a bit clunky to set up,
do everything we and our auditors need it to do.
Ray
From: John Lindblom [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
. This last one is nice
because I never liked the idea of having to upgrade IPSO and the firewall
version at the same time. However if I'm reading the matrix on page 6
correctly, it is not supported on IPSO 3.7. You have to be on 3.7.1. I
wonder if that's a typo in the matrix.
Ray
) or ANY
Destination: net-iChain-DMZ-range
Original
HTH,
Ray
From: SIBEL MEREY [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] CP Firewall and iChain
Date
if it was needed.
Ray
From: Dave Row [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] DCE-RPC blocked although ALL_DCE_RPC allowed
Date: Tue, 6 Sep 2005 06:47:25
Whenever I see just the DMZ NIC address in the logs, it has meant that Hide
NAT is being applied to traffic going to or from the DMZ. Is there any
chance your DMZ network is in your VPN Domain? That's what usually causes
this to happen.
Ray
From: SIBEL MEREY [EMAIL PROTECTED]
Reply
completely mis the point?
Ray
From: Neil Kemp [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Smartview Reporter
Date: Wed, 7 Sep 2005 10:03:31 +0100
Hi
the last day or so. There were several Edge management issues
that have been resolved with various HFAs to SmartCenter as well. I think
it's a very stable system now.
Ray
From: Steffen [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST
stumped. It feels like FW-1 is not allowing the
192.168.2.255 broadcast out even though it's showing Encrypt.
Any guesses would be greatly appreciated.
Thanks,
Ray
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL
not leaving the
routers.
I am at a complete loss as to what even to try next to get this narrowed
down. Since they're T-1 lines, I don't know how we could even get a sniffer
on the lines themselves to see just what trhe heck is inside of them.
Thanks in advance for any guesses,
Ray
. Normally this wouldn't be a problem but it apparently was enough of
an increase that the ICMP Unreachable packets filled up the lines. Once
the router configuration was fixed, everything was fine again.
Thanks again for taking the time to read and respond,
Ray
From: Udi Cohen [EMAIL PROTECTED]
Reply
to SecureClient on
the R55 firewall. Nothing at all. Since I know the routing is correct, it
feels like the XDMCP broadcasts aren't getting through to the Unix boxes. I
do see the broadcasts getting through on SmartView tracker.
Ray
From: Martin Hoz [EMAIL PROTECTED]
Reply-To: Mailing list
it to filter on the Source or Destination column in
SmartView Tracker I see all of the traffic traversing the firewall. It's
like the firewall doesn't know what that network object does.
Take care,
Ray
From: Rajeev Gupta [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
Thanks. This thing is running Compaq's Unix. I'm pretty sure it's Tru-64
v5.1a
Ray
From: no-need to-list [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re
Well, I certainly hope it does help! I'll be able to try it tomorrow and
will let you know. We normally allow all traffic to flow between the VPN
domain and SecureClient and I havent seen any drops, but this will be first
on my list on Monday.
Thanks!
Ray
From: Rajeev Gupta [EMAIL
of the the syslogs from the router, the
spoofing entry stops as well.
Thanks for all of the help, folks. I'll dump this back on the router people
because it just looks like some kind of nuisance entry.
Ray
=
To set vacation, Out-Of-Office, or away messages
the xxx.xxx.10.x traffic to the firewall. I guess that's
the redundant route, then. From their docs, it's been this way since it was
put in in 1996.
Thanks for your time and comments,
Ray
=
To set vacation, Out-Of-Office, or away messages,
send
the internal IP address from being accessible
from the Internet, but it didn't.
Thanks,
Ray
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
Thanks for the confirmation. In fact that is precisely what we're going to
do and why we're doing this. For whatever reason, I thought FW-1 would
change the Internet-accessible IP address from xxx to yyy.
Ray
From: cisco4ng [EMAIL PROTECTED]
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
CC
those would be negative security effects. :-)
There's a lot more detail in the article including a workaround to restore
the option if you want to live dangerously.
HTH,
Ray
From: DIOTTE, SHANNON S [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1
any
issues but I certainly have read about them, so I decided to try something
different. Didn't work. :-)
Take care,
Ray
From: Loge VK [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST
the first HFA comes out just to see what needed fixed.
From the various newsgroups and mailing lists I monitor, it's been a pretty
solid release. I also check SecureKnowledge for any NGX-related articles and
there aren't many.
HTH,
Ray
From: Debra James [EMAIL PROTECTED]
Reply-To: Mailing list
Hi Maurit,
May I ask my you want to go with a standalone installation? I haven't ever
seen a system that benefitted from moving from distributed to standalone.
Ray
From: Loge VK [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST
. SmartCenter will be set up as the Edge's
Service Center.
Note that an Edge does not understand Perfect Forward Secrecy or
Site-to-Site IP COmpression, so they must be disabled in the community. It
can be made to understand PFS but only via a CLI command, not the web GUI.
HTH,
Ray
From: [EMAIL
will change. :-)
Ray
Honestly, at least you get RAID redundancy with
high performance servers such as DELL, HP or IBM.
Nokia IP350/350 or IP530 does not have redundant
harddrive or power supplies.
=
To set vacation, Out-Of-Office, or away messages,
send
in one hour after receiving the
replacement enforcement module.
I would think long and hard about this. This sounds like someone who is on a
mission to consolidate servers so they look good even though it can impact
reliability in a negative manner.
Ray
From: Maurit Pereira Fagundes [EMAIL
of
Symantec) have an image file editor that allows you to extract individual
files from the image if needed. You don't have to restore the whole thing to
get a single file out of it.
Ray
From: Liu, David [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1
.
sk17562 has the download information and it is not a public download. I
didn't see it on the SofaWare site either.
Did you get software subscription with the Edge box? Maybe this is part of
it.
Ray
From: Bob Grabbe [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
Yep, they are Western Digital's on my IP530. The only problem is they are 20
GB drives and I can't find them that small anymore! Nokia can still supply
them under my maintenance agreement and that way I don't have to install the
boot manager and partitions manually.
Ray
From: cisco4ng
Check
http://www.sofaware.com/downloads.aspx?boneId=159
Click on SmartCenter Management. If it asks you to register, do so and
you'll have a really nice PDF file about how the whole thing integrates.
Ray
From: [EMAIL PROTECTED] [EMAIL PROTECTED]
Reply-To: Mailing list for discussion
Bingo! That was it.
Thank you VERY much!
Ray
From: Rajeev Gupta [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Running Hummingbird Exceed through
Edge's have to have a simplified policy to be managed. Do you have a
separate policy for the Edge? Even if you do, I don't think it's going to
work that way but I've never tried it.
Ray
From: [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST
Unfortunately it won't change all of them. It does let you move the big
ones, though. I still get a bunch of the little ones in the default
directory on C:.
Ray
From: Marius Banica [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST
of confusing because you mix both sets of rules in the one Desktop
Security policy, but you get used to it rather quickly.
If my assumption above is correct, you need to look at your [EMAIL PROTECTED]
rules to see if they are appropriate or even exist.
HTH,
Ray
I then use a dial-up
service
want to look
into IPSO 3.8.1 if it does exist, as your first step. Or maybe take the
management station to HFA16.
Ray
From: Lorenzo [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST
Hey, great news! Thanks for the feedback,
Ray
From: Meyers, Duncan [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] SecureClient
Date: Wed, 28 Sep
the life beyond two years.
HTH,
Ray
From: [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Securemote Certificate Expiry
Date: Thu, 29 Sep 2005 09:27:43
The release notes for R55 HFA16 say it's compatible with IPSO 3.9. I'd like
to hear if anyone has upgraded R55 to HFA16 and then installed IPSO 3.9. I'd
like to do my change to NGX in a phased manner.
Ray
From: Dong Lin [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
to install it on a client that's directly connected to
the Internet. It closes rthat window of opportunity between when the client
is rebooted after the install and when it connects and downloads a policy.
HTH,
Ray
From: cp user [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
Hi Marius,
Is this a new install? If so, make sure you don't have VPN-1/FW-1 checked on
the SmartCenter object. You may be inadvertently installing the security
policy on the SmartCenter.
When this happens, how do you get connectivity back? That may give a clue as
to what is going on.
Ray
Take a look at the ARP table on the enforcement module via a console cable
right before and after a policy push and see if there's a difference.
Are you rematching existing connections on a policy install or dropping
them?
Ray
From: Marius Banica [EMAIL PROTECTED]
Reply-To: Mailing list
NGX won't run on anything except 3.9, so the hotfix must be for 3.9.
Ray
From: Tony Pombo [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Is NGX
Does your firewall object have the external IP or the internal IP? It has to
be the external IP.
If it works with hub mode, that tells me it's a routing issue. SecureClient
doesn't know how to find the policy server until it's already inside the
firewall.
Ray
From: cp user [EMAIL
to upgrade just for my ego's sake. :-)
Ray
From: Shane Presley [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Certification Tests
Date: Tue, 11 Oct 2005
The Edge, at least v5 firmware, does not have a policy server. I don't know
about the connection limit.
Ray
From: Andriy Malyuk [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST
Did you figure it out? I'm getting it after this last SD update as well.
It's blocking traffic from Outlook Web Access to the domain controller.
Ray
From: Shane Presley [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST
.
Ray
From: Shane Presley [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] SmartDefense drops on 99444
Date: Wed, 12 Oct 2005 11:30:18 -0400
I'm getting
their default route always ends up at the firewall. That
way you can pick any address space you want for Office Mode.
Ray
From: cp user [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST
It seems to have come out in the last update. If that thing is dropping
every nbsession packet between an NT 4 member server and the NT 4 domain
controller, something's broken somewhere.
Oh yeah, it's probably NT. :-)
Ray
From: Shane Presley [EMAIL PROTECTED]
Reply-To: Mailing list
301 - 400 of 943 matches
Mail list logo