I've seen a similar error message on earlier revs of R55 where removing a
network object that was still in a rule would cause that error. Any chance
it's used somewhere else, if in fact you can still see it?
Ray
From: Tom Brown [EMAIL PROTECTED]
Reply-To: Mailing list for discussion
. I did pass the CCSA CCSE on the first attempt using a combination
of the Sybex books and Boson tests, for whatever that's worth.
Ray
From: Christian Chiaverini [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW
hotfixes that you will need to apply first to avoid BSOD
problems. I know this isn't what you're seeing ,though.
If this laptop has the Cisco VPN client on it, it will have to be
un-checked. That Deterministic Networks thingy is usually the problem.
Ray
From: [EMAIL PROTECTED] [EMAIL PROTECTED
of installing any client software at all, like SNX. I
don't need those kinds of headaches.
Thanks for any help,
Ray
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1
Check Point has released sk31267 with a hotfix to be applied on top of
HFA16. The hotfix can be downloaded from the article and requires a reboot
of the enforcement module.
Ray
=
To set vacation, Out-Of-Office, or away messages,
send an email
Thanks, Chris. We're trying to stick to just one authentication scheme that
doesn't involve user names and passwords.
Ray
From: Covington, Chris [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1
and it's rock solid.
What's your throughput and how many IPs will be behind it? Is it doing
anything fancy like remote access or publishng web servers?
Ray
From: Covington, Chris [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST
Can you ping the internal interace of the opposite firewall? If so, it might
be a downstream router that's blocking it.
Ray
From: Luiz H. Guimarães Filho [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1
. There are basically 2 Class C VLANs behind the router,
1 is for phones and doesn't traverse.
The 130 should be fine. My 120 is an internal firewall on a 100 M/bps LAN
and the throughput is OK.
Ray
=
To set vacation, Out-Of-Office, or away messages,
send
in, the
card is off. The PC Card can stay plugged in all the time.
Ray
From: Stephen W. Stewart [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Wireless
Why does the client at HQ need to connect to the external interface of the
remote firewall?
In a simplified security policy, all enforcement modules are automatically
part of th encryption domain.
Ray
From: FITZ MAILING [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
VPN-1/FireWall-1 rejects HTTP traffic following Gateway's upgrade to HFA_16
of NG with AI R55
Solution ID: #sk31267
The hotfix is attached to this article.
Ray
From: Reinhard Stich [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST
)
:max_trials (0)
)
This is mine with hotspot disabled. Note that you must first stop the Check
Point services before editing userc.C and start them after you save the
edited file. AsI recall, the :enabled( false) needs to be made true
Ray
From: Mark
SmartView Tracker for drops to and from the Office Mode network
to make sure your rules are OK.
Good luck,
Ray
From: Kalpesh Patel [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST
default settings Check Point has.
Ray
From: Kalpesh Patel [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] VPN / Site-to-Site issue
Date: Thu, 10 Nov 2005 23
Define migrate please. Do you mean merge an existing certificate
authority into an existing one or do you really mean migrate as in the
NGX box is replacing the R55 box?
Ray
From: Meyers, Duncan [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1
, though.
Ray
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=
To unsubscribe from this mailing list,
please
split
tunneling and denies access to local LAN resources unless they can be
reached by the gateway, but it should do what you want.
Note that there were some issues with Hub Mode that got fixed in
SecureClient NGX.
Ray
From: Marcus Hess [EMAIL PROTECTED]
Reply-To: Mailing list for discussion
/techsupport/downloadsng/utilities.html#upgrade_verify
for R55
http://www.checkpoint.com/techsupport/ngx/utilities.html for NGX.
Ray
From: Meyers, Duncan [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1
without doing the CCSA..
Ray
From: Shane Presley [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Certification Tests
Date: Tue, 15 Nov 2005 21:43:41
Maybe NGX is different, but I know earlier versions required the server
version of Windows on the SmartCenter.
Ray
From: Andriy Malyuk [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST
Do you have a VPN between the Check Point gateway and the Cisco gateway?
That's the only way you should see that error in the Check Point logs. We
have several Cisco clients behind a CP box with no issues.
Ray
From: Oliver [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
Odd. That article sk23196 was updated on Nov. 21st and says no fix is
available but it will be included in NGX HFA01 due in Sept. 05. I wonder if
this is going to take a SecureClient fix. The one available for download is
still the original one.
Ray
From: Scholz Wolfgang [EMAIL PROTECTED
for it and you get feedback on what
you wrote. I've used it a few times and it works nice. Sometimes it takes a
few weeks but each time I've submitted something, I've gotten feedback and
clarified wording in the article or whatever it pertained to.
Ray
.
Ray
--
From : Viktor Steinmann [EMAIL PROTECTED]
Sent : Wednesday, December 7, 2005 11:54 AM
To :full-disclosure@lists.grok.org.uk
Subject : [Full-disclosure] Checkpoint SecureClient NGX Security Policy
caneasily be disabled
This was supposed to be available in SecureClient NGX NGX HFA01 on the
gateway. It seems it was but there's an additional configuration step
needed. It's detailed in sk23196
Ray
=
To set vacation, Out-Of-Office, or away messages,
send an email
On Dec. 6th, CP posted new libsw files to the Edge 6.0 firmware download
page. I suspect they also apply to NGX due to their date.
Ray
From: Du¹ko Tubin [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1
Doesn't seem to have anything earth-shattering, at least for me.
Ray
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
From the Full Disclosure list - seems to be a popular topic nowadays. sog
Ray
From : Avner Peled [EMAIL PROTECTED]
Sent : Thursday, December 15, 2005 8:35 AM
To :full-disclosure@lists.grok.org.uk
Subject : [Full
It's a SmartDefense drop. You have to change SmartDefense to allow
connections to all ports,
Network Security
Dynamic Ports
Select the top radio button
Ray
From: Tauseef Khan [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST
require
a crypto card for good performance. You might want to try kicking Phase 2
down to AES-128 while leaving Phase 1 at AES-256. That's what I run but I
don't have the bandwidth requirements you do.
Ray
From: cisco4ng [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
on the firewall.
I suspect Lindsay is correct; this is a protection that got moved into
SmartDefense when it originally wasn't there.
Ray
From: Lindsay Hill [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW
I've seen this as well and also had it happen with user names. I've had to
delete the object and recreate it with identical parameters to clear the
error.
Ray
From: cisco4ng [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST
,
Ray
From: cisco4ng [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Please help: Connectra Security Gateway on Secureplatform
Date: Mon, 26 Dec 2005 17:22
been an issue. I don't know how you're enforcing
that restriction on your employees, but if it's a personal firewall, you
could add a rule to allow TCP 444 to the Connectra public IP only.
Ray
From: Reinhard Stich [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
certificate.
Ray
From: Ray [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Please help: Connectra Security Gateway on
Secureplatform
Date: Wed, 28 Dec
through fine. It does
not pass them automatically like IE does,
Ray
From: Covington, Chris [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Please help
on user.
RAy
From: Michael J. Semaniuk [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Please help: Connectra Security Gateway on
Secureplatform
Date
and it works
fine. We had some US citizens over there recently and they were able to
compare Connectra versus SecureClient in the US and they said there wasn't
any noticeable difference.
Ray
From: Reinhard Stich [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1
Are you thinking of the FTP Bounce attack? That protection is one of the
ones in SmartDefense that cannot be disabled (as I recall). Seems t0 ne it's
a defect in the FTP protocol, so if you have something that follows the
protocol, then you are susceptible.
Ray
From: Charalambos
Thanks for the detailed reply. That's pretty much what was happening to us
with Outlook and Exchange.
Ray
From: Charalambos Klitiropoulos [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST
://java.sun.com
Ray
From: cisco4ng [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Another Connectra on SecurePlatform Question Part III...
Please help
to the Internet.
Ray
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=
To unsubscribe from this mailing list,
please
I don't know about this, however if you pass the CCSA test, you receive
twelve months of Advanced Access to SecureKnowledge. If you pass the CCSE
test, you receive eighteen months of Advanced Access. This might be an
alternative for you.
Ray
From: Delava Alain [EMAIL PROTECTED]
Reply
You probably need to download the libsw updates for that level of the
firmware and install it on the SmartCenter. They'e on the same page as the
firmware download.
Seems to me that NGX requires the libsw updates applied in two folders,
unlike R55.
Ray
From: Michel Lapointe [EMAIL
as
they are to you and we're adding more Check Point products to our systems
because of their performance and reliability.
Or maybe that statement just says something about our other vendors. :-)
Ray
From: cisco4ng [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1
or are you getting into modifying site-to-site
VPNs and such?
RAy
From: Robert Fowler [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Secure remote Client
There have been several complaints about 6.0.42 on the www.sofaware.com
discussion groups, for whatever that's worth.
Ray
From: Russell Aspinwall [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1
disk
space or reduce what you're logging temporarily). The certificate authority
CRL will be cached on the gateways, so that's not an issue either.
I routinely take mine down for two hours or so to create a disaster recovery
disk image with Symantec Ghost.
Ray
From: mymailinglistsonly [EMAIL
and you can specify just the old destination IP address.
Sometimes it's fast, sometimes it takes a few minutes to complete its thing.
Ray
From: Tom Brown [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1
the proxy
server IP address.
E. B, C, D.
Ray
From: Tom Brown [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] preventing SSH tunnels
Date: Mon, 16 Jan
.
Ray
In Windows the default is to first
check the host file, then DNS or WINS (from Win2k and on DNS is used before
WINS).
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw
will they be using to stream the audio? Is it really streaming
or just HTTP downloads?
Ray
From: Alan Choyna [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] QOS
of other stuff they (or malware) can do as well.
The first reference link is interesting, though.
Posted as an item of possible interest,
Ray
Date: Tuesday, January 17, 2006 4:48 PM
From: Thierry Zoller [EMAIL PROTECTED
http://www.checkpoint.com/downloads/latest/hfa.html
Ray
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
will have to re-license the SmartCenter using the User
Center. If that's the only change, I don't think you'll have to change
anything with SIC.
Ray
From: Alexander Simbun [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST
Agreed on this, and I once found an SK article that confirmed it.
Ray
Personally I've had to play with the exportable for
securemote/secureclient setting and it DOES have an impact.
=
To set vacation, Out-Of-Office, or away messages,
send
VPN traffic.
Are you using central licensing?
What versions are the SmartCenter and enforcement modules on?
Ray
From: Alexander Simbun [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST
SmartCenter is on our internal
network and I manage the main firewall from behind it. We have WAN
connections to other locations. In one of those other locatons I have an
internal firewall. I can only reach it from its external interface and I can
manage it just fine.
Good luck!
Ray
From
you clone a computer
with Symantec AntiVirus Corporate Edition).
It's a GUID that is supposed to be unique to each computer but the clone
image put the same key on all of them.
Ray
From: Sommerfeld, Frank [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1
Seems to me you can just delete the key and reboot.
Ray
From: Sommerfeld, Frank [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Same SecuRemote IP
and userc.C, I use WinZip to zip it up and then use the
companion self-extractor creator to make it a single .EXE install file.
userc.C is modified to preset the gateway IP address, etc., so it's easier
to configure when installed.
Ray
=
To set
Yes. Apply at least HFA-01 to the gateway, use the NGX R60 version of
SecureClient and follow the directions in this article:
Hosts cannot use DNS name to access SecureClient
Solution ID: #sk23196
Ray
From: Bernhard Weiser [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
Yes, it is. It installs as part of SmartCenter. It does have some
limitations, though. For instance it un-modifies PRODUCT.INI. If you try to
create a Compact View deployment, it backs out all of your changes without
asking. That's why I now do it manually.
Ray
From: Robbie Elliott [EMAIL
to translate the other side into a different address range and
then use some sort of static name resolution.
Ray
From: Chris McGill [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST
.
Ray
From: Ronny Nussbaum [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] SecuRemote over D-Link DI-514 and DI-624 routers
Date: Sat, 4 Feb 2006 22:16
of a sudden
everyone in the meeting could connect simultaneously via Visitor Mode.
Ray
From: Ronny Nussbaum [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1
on the SmartCenter. It actually looks like it's going to
install the whole thing, copying files an everything, on the SmartCenter
then all of a sudden it stops and gives you the choice to install just the
add-on, which is what ships the logs to the database.
Ray
From: john maverick [EMAIL
No, no changes are made to the rules at all. You still have to enable it
manually.
Ray
From: john maverick [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re
Your best bet would be http://www.isaserver.org. How are they planning on
connecting ISA in? Off a DMZ interface, in series with CP or what?
I've got ISA 2000 behind CP and we're using it to control outbound web
browsing traffic as well as to virus-scan incoming.
Ray
From: Robbie Elliott
. The
difference is probably that the SecureClient firewall protects the laptop
whether it is connected or not.
Ray
From: Mark Williams [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST
Hi Fabrice,
The solution is to forget about SDS. It's no longer a part of the system
starting with NGX, probably because Check Point now supplies .MSI files.
You're trying to make something work that you cannot use in the future.
Ray
From: Fabrice BARUTEL [EMAIL PROTECTED]
Reply
Seems to me there has been a revision or two to IPSO 3.9. Which variant are
you using?
Ray
From: Jignesh Joshi [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject
the firewall.
Another really neat feature is that the ISA inbound listener ignores
connections coming in by IP address and not the DNS name. It makes port
scanning virtually useless because ISA just ignores the traffic since the
connection is by IP address.
Ray
From: Hawkins, Michael
Don't know. What version and HFA level are you on?
Ray
From: Mark Williams [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Error: PS: less than 10
anything else.
Ray
From: Hawkins, Michael [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] ISA Firewall Question
Date: Tue, 21 Feb 2006 20:25:19 -0500
Yes
What does SmartView Status show for the enforcement module under Policy
Server?
You're somewhat behind on HFA's, however I would think you're current enough
that it should be enforcing the license limit.
Ray
From: Mark Williams [EMAIL PROTECTED]
Reply-To: Mailing list for discussion
years ago, anyway).
Remember that you can buy licenses from any CP dealer, so if they won't
offer you relief from their mistake, go elsewhere.
Good luck,
Ray
From: Mark Williams [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST
There is a SmartDefense block for iTunes somewhere but I don't know how much
of iTunes it does block. Look in that big long list of HTTP headers that it
can examine.
Ray
From: Tom Brown [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST
gateway, bu that certainly does not
explain why the Office Mode IP is not being seen behind the Nokia. Maybe
it's a clue, though.
Ray
From: [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST
is the Nokia box (doesn't go via the
SPLAT).
It is going via the SPLAT box; it just doesn't show up in the traceroute. If
it wasn't, the Nokia would not show up as the first hop.
Does this help?
Ray
From: [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW
SmartDefense settings apply to all interfaces. If you had a second interface
that went over to a DMZ and you needed to copy files across it, you wouldn't
be able to do so if SmartDefense blocked it.
Ray
From: Claudia Cordova [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall
files. Do those emails have zip file attachments?
Ray
From: Verweyen, Dirk [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] WSE0020008
Date: Tue, 14 Mar 2006
there that violate this part
of RFC-2616 and so we have had to rethink our answer to this problem.
FWIW,
Ray
From: Ray [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re
If you're asking whether you can set up a separate box for consolidating the
logs and generating reports without buying another license, yes. That box
becomes a Check Point host.
The recommended method is to keep the Reporter database separate from the
SmartCenter.
Ray
From: Alexander
http://www.checkpoint.com/downloads/latest/hfa/vpn1pro_express.html - HFA 02
is current and 03 is imminent.
Ray
From: Hal Huntley [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST
Are you using Office Mode? The error message says you should be because
someone else with the same local IP adress is connected at the same time. Is
that possible?
Ray
From: G³owacki S³awomir [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW
It's possible if you deploy new computers with SecureClient pre-installed
and you also use a disk imaging program like Symantec Ghost. There's a
unique virtual MAC address created as part of the installation in the
registry.
Any chance you're deploying computers like this?
Ray
From
object? Or do I just have to keep the old router in place?
Thanks for any education you can lend,
Ray
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
to be a real pain ongoing.
Ray
From: Lyons, Jon [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Question on default route to a new ISP while retaining
Thanks Jason and Lino.
Unfortunately I now have ask you to answer a new question. :-)
What the heck is a sub-interface? I have ever heard that term before.
Yes, they are our IP addresses and the new ISP will announce them for us.
No, they are not NATting anything from us.
Thanks,
Ray
via SmartUpdate, it learns that IP address. When I detach
it via SmartUpdate, the license is available for re-use. My UserCenter
account license list does not show any IP addresses other than my
SmartCenter.
Thanks for all of your time,
Ray
From: chkp tech [EMAIL PROTECTED]
Reply
Yeah, that's what I wanted to do, but they said they can't do it because
it's a switch and because it's not their IP space. I don't think they're
being difficult, probably a company policy or something.
Thanks for all of your help,
Ray
From: Lyons, Jon [EMAIL PROTECTED]
Reply-To: Mailing
. The only one we cannot
open is Access files, and it appears to be a Microsoft thing. If there's a
. in the file path, as there is in the URL, Access refuses to open because
it thinks its coming from an unsafe environment (or some other silly thing
like that).
Ray
From: Peter Gavagan, Jr. [EMAIL
Is your call for the Access issue? Unfortunately fhat won't work for us
because they're shared databases.
Ray
From: Khan, Irfan [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To: FW-1-MAILINGLIST
At the Check Point site.
Cluster XL
Secure Workspace
Embedded applications, where the app is on the Connectra gateway
File Shares no longer use Web Folders
An SNX client for the Mac
and a bunch more.
Ray
=
To set vacation, Out-Of-Office, or away
Go into the Software Subscriptions, Download Selector, select Connectra,
etc. I grabbed it this morning but am still going through the docs.
Ray
From: Jeremy Lieb [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Nope. The number of R61 articles is slowly increasing in SecureKnowledge,
so I figure it'll be soon.
I might actually have to move off of R55 this year before I get too far
behind. :-)
Ray
From: Jeremy Lieb [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
and executes it
locally without having to install ti locally, seems nice. I'm a bit
disappointed that only SSH v1 is supported, not SSH v2, though.
Time will tell,
Ray
From: Jeremy Lieb [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST
thing that seems to be missing is Connectra R60 HFA 02, which was
supposed to be out a few months ago. It was supposed to allow the SSL
Network Extender to auto-minimize, which is a nice feature.
Ray
=
To set vacation, Out-Of-Office, or away
401 - 500 of 943 matches
Mail list logo