Re: [FW-1] Secure client verification to DNS servers with 'large pings' (Office mode)

2006-04-12 Thread Ray
ping size and up it as necessary. I think R55 uses 64 bytes, but I see my Connectra box uses 1500 bytes for the SD default. Ray From: Mark Elsen [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST

Re: [FW-1] ipassignment.conf

2006-04-18 Thread Ray
ipassignment.conf detail and it will give you a check of whether your syntax is correct. Make sure the file is on the enforcement module in $FWDIR/conf/ and not on the management server, although you can perform the syntax check on the management server. Ray From: Lino Eduardo Avila Rodríguez

[FW-1] SecuRemote/SecureClient NGX R60 HFA01 released

2006-04-19 Thread Ray
A total of ten fixes or changes, nothing really significant at all that I can see. The original SecureClient NGX has been completely problem-free for us, which is a great track record for having been out for the better part of a year. Ray

Re: [FW-1] ipassignment.conf

2006-04-20 Thread Ray
of users, you can get away with using the same subnet. However yours ends in .9, which is pretty low. It does not work like a DHCP reservation. Ray From: Lino Eduardo Avila Rodríguez [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1

Re: [FW-1] LDAP / Radius Server Recommendation

2006-04-21 Thread Ray
, but it do work. Ray From: Robbie Elliott [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: [FW-1] LDAP / Radius Server Recommendation Date: Fri, 21 Apr 2006 11

Re: [FW-1] Stange firewall issues....

2006-04-26 Thread Ray
can restore and get the old SD settings back. Also make darn sure that the enforcement module and the SmartCenter are on the same HFA level. There has been at least one SD issue caused by the enforcement module being a few HFA's back from the SmartCenter. Ray From: no-need to-list [EMAIL

[FW-1] NGX R61 now available, but it's going to cost you

2006-05-10 Thread Ray
of dollars each year in maintenance contracts. I am not happy about this. When NGX came out, they charged for the eval or expedited delivery but you could get the CDs for free by regular mail if you were under a maintenance contract. This is rather petty and pound-foolish, folks. Ray

Re: [FW-1] NGX R61 now available, but it's going to cost you

2006-05-11 Thread Ray
if there's something wrong with what I brought with me (like I forgot it). With NGX I don't have that option. Ray From: Duško Tubin [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST

Re: [FW-1] SecureClient Licensing Question

2006-05-11 Thread Ray
You're being too kind, Mark. I didn't forget it; I didn't know that. :-) Thanks for the additional knowledge! Ray From: Mark Williams [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST

Re: [FW-1] NGX R61 Solaris 9 unixinstall errors

2006-05-11 Thread Ray
Is 112963-22 installed? Per sk31124, it can cause core dumps and should be replaced with 112963-25. Maybe this is a different manifestation of the problem? Ray From: Suresh Rajagopalan [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST

[FW-1] NGX R61 vs. NGX R60 HFA03

2006-05-14 Thread Ray
From postings in another venue, it seems R61 is based on R60 HFA02. If you had issues fixed by R60 HFA03, you might want to hold off moving to R61 until at least the first HFA is released for it. Ray

Re: [FW-1] NGX R61 Solaris 9 unixinstall errors (solved)

2006-05-15 Thread Ray
Thanks for the followup note, Ray From: Suresh Rajagopalan [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] NGX R61 Solaris 9 unixinstall errors

Re: [FW-1] NGX R61 vs. NGX R60 HFA03

2006-05-15 Thread Ray
http://www.cpug.org/forums/showthread.php?t=1450 Check the sig of the person posting. Ray From: Mark Elsen [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re

Re: [FW-1] About VPN-1 Edge: limite rules?

2006-05-15 Thread Ray
If it's managed by SmartCenter, the number of rules is unlimited (as I recall). If you're using the web UI, the limit is or was 30. The current firmware is 6.0.63. You're waaay behind. That's the first place to start. Ray From: carlopmart [EMAIL PROTECTED] Reply-To: Mailing list

Re: [FW-1] secure remote users cannot access target servers in VPN domain

2006-05-22 Thread Ray
Are they using PPPoE with ADSL? PPPoE adds eight bytes to the packet size causing fragmentation. The fix is to decrease the MTU on the client to 1492 or less. The most common symptom of this is the ability to authenticate but not access anything. Ray From: Shiroma Dassanayake [EMAIL

[FW-1] RainConnect/RainWall discontinued?

2006-05-23 Thread Ray
From a message posted at http://forums.isaserver.org/m_2002017242/mpage_1/key_/tm.htm#2002017242 Did anyone else get this? Rather sad if it's true; I was just looking at their products. There's nothing about it on their web site yet. http://www.emc-rainwall.com/ Ray May 22, 2006 Dear

Re: [FW-1] SecureClient and IP Addressing

2006-06-06 Thread Ray
confused in the logs). Otherwise it tries to find the firewall solely by its downloaded topology. Ray From: Neil Kemp [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM

Re: [FW-1] Dhould FW has DNS Name

2006-06-09 Thread Ray
NAT, yes, or you'll get tagged as a possible spammer. You also cannot set an SPF record without it. Just make it a generic word. One of our subsidiaries uses surf.ourcompany.com Ray From: Bill Smith [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1

Re: [FW-1] Site 2 site VPN

2006-06-10 Thread Ray
to check all of your subnets to assure their default route is the same. FW-1 will take care of the routing for you. HTH, Ray From: Peter Addy [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST

Re: [FW-1] Site 2 site VPN

2006-06-11 Thread Ray
as they are, yes, then it will cause a problem and it will not work. Ray From: Peter Addy [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] Site 2 site VPN Date

Re: [FW-1] Site 2 site VPN

2006-06-12 Thread Ray
on a regular basis, this gets unworkable rather quickly. Ray From: cisco4ng [EMAIL PROTECTED] To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM CC: [EMAIL PROTECTED] Subject: Re: [FW-1] Site 2 site VPN Date: Mon, 12 Jun 2006 03:22:56 -0700 (PDT) The solution

Re: [FW-1] Site 2 site VPN

2006-06-13 Thread Ray
than you. :-) What happens with Citrix? Ray From: cisco4ng [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] Site 2 site VPN Date: Mon, 12 Jun 2006

Re: [FW-1] Microsoft security patches

2006-06-16 Thread Ray
Agreed. I always do an upgrade_export first and a SmartCenter image second before I apply patches. Ray From: Reinhard Stich [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST

Re: [FW-1] FIREWALL SETTING

2006-07-07 Thread Ray
with remote access. Ray From: Warrington Bruce - bwarri [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] FIREWALL SETTING Date: Fri, 7 Jul 2006 11:40

Re: [FW-1] Policy Push

2006-07-11 Thread Ray
Odd. I use rematch and do not have this issue, running R55 HFA17 on IPSO 3.9, no VRRP. Bear in mind that keep will keep all existing connections even if the new security policy does not allow them. They will persist until they end themselves. Ray From: Peter Addy [EMAIL PROTECTED] Reply

Re: [FW-1] Firewall slowdown?

2006-07-12 Thread Ray
25,000 connections? Ray From: Mike Smith [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: [FW-1] Firewall slowdown? Date: Thu, 13 Jul 2006 02:06:00 +

Re: [FW-1] SmartDefense Opinion

2006-07-20 Thread Ray
we activated the FW-1 protections, the URLScan logs have almost no entries, so the FW-1 protections are doing their job. HTH, Ray From: Erin Young [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1

Re: [FW-1] stop SmartDefence on remotely managed Edge

2006-07-20 Thread Ray
This question might be answered faster over on the Discussion Groups of http://www.sofaware.com (lower left part of the home page). Their tech support people monitor the forums and post replies as well as it being used for user-to-user support. Ray From: Motta Corrado [EMAIL PROTECTED

Re: [FW-1] nokia subinterfaces

2006-07-20 Thread Ray
Hi Lino, What are you trying to accomplish by using two IP addresses on the external interface? On a Nokia box, you normally would have just one IP address and use proxy ARP and static NAT for any others. Ray From: Lino Eduardo Avila Rodríguez Reply-To: Mailing list

Re: [FW-1] secure client unable to authenticate due to expire of passwor d

2006-07-21 Thread Ray
Why is SDL considered risky? We're not using it, but it sure would solve problems like this. Thanks, Ray From: Yang Xiao [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST

Re: [FW-1] VPN via SSL configuration

2006-07-22 Thread Ray
will need simplified mode. Ray From: Alan Choyna [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: [FW-1] VPN via SSL configuration Date: Thu, 20 Jul 2006 11:16:58 -0500

Re: [FW-1] Site to Site VPN roundup ?

2006-07-23 Thread Ray
, but the JV employees cannot get their Cisco VPN connections to work. SecureClient has a remotely configurable and manageable personal firewall to protect the laptops. SecureClient can send its logs to SmartCenter for integrated monitoring, the same as a firewall. HTH, Ray From

Re: [FW-1] stop SmartDefence on remotely managed Edge

2006-07-26 Thread Ray
Well, you must be feeling good that you have such a unique problem no one else has ever had it. :-) I did notice such a post and it is odd that no one ever answered. Ray From: Motta Corrado [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST

Re: [FW-1] stop SmartDefence on remotely managed Edge

2006-07-26 Thread Ray
They just started requiring that because spam was making it on to the boards. After you go into Discussion Groups, upper right just above the date and time you'll see a Login/Join link. Those things do have implied rules but I've never seen them documented. Ray From: Joe Matusiewicz [EMAIL

Re: [FW-1] stop SmartDefence on remotely managed Edge

2006-07-27 Thread Ray
Nice job. Thanks for the follow-up, Ray From: Motta Corrado [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] stop SmartDefence on remotely managed

Re: [FW-1] Errror in installing HFA-03 on Provider-1 NGx R60 on SPLAT

2006-07-27 Thread Ray
, but the error message is nearly identical. Ray From: cisco4ng [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: [FW-1] Errror in installing HFA-03 on Provider-1

Re: [FW-1] Errror in installing HFA-03 on Provider-1 NGx R60 on SPLAT

2006-07-28 Thread Ray
Hmmm, I wonder if HFA04 will take four reboots. :-) Thanks for the feedback, Ray From: cisco4ng [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1

Re: [FW-1] How to report a bug?

2006-08-07 Thread Ray
Post it here. I'm sure their people read this list, although I don't know how you'll get a fix. Ray From: Ramón Echávarri [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST

Re: [FW-1] VPN - WAN links with : VPN-1 Edge device(s) - IPSO cluster (problem

2006-08-15 Thread Ray
Do you have the Edge set up as managed by SmartCenter or an interoperable device? Managed seems much more stable. Ray From: Mark Elsen [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST

Re: [FW-1] SecurClient fails to connect

2006-08-17 Thread Ray
of the IP530. If you do not do this, you will expose your Voyager login page to the entire world. In your Remote Access Connection Profiles, you'll probably create a new profile allowing Visitor Mode. What version of SecureClient do you use? Ray From: Berg-Olsen, Børge [EMAIL

Re: [FW-1] Addition of new external IP range to R55

2006-08-17 Thread Ray
entries for each of the new IP addresses and set them all to the MAC address of the real external interface. I've got an entire Class B, yet the external interface is subnetted as Class C. I can use any of the Class B addresses simply by adding proxy ARP entries for them. Ray From: Alan

Re: [FW-1] private IP hitting external interface

2006-08-20 Thread Ray
in that way even though it appears so. Ray From: Bill Smith [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: [FW-1] private IP hitting external interface Date

[FW-1] R60 HFA04 now available

2006-08-29 Thread Ray
to us non-CSP mere mortals. :-) Cisco4ng, you'll be happy to see the release notes now say they do not overwrite customer's .def changes by default. Ray

Re: [FW-1] VPN-1 Edge issue

2006-09-06 Thread Ray
What firmware are you on? I think 6.0.81 is the latest of the 6.0 series and 6.5 was just released. That's always a good place to start. Ray From: Sergio Alvarez [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM

Re: [FW-1] VPN-1 Edge issue

2006-09-07 Thread Ray
You might want to keep a copy of 6.0.76 around. I'm always leery of major releases. I was thinking you might be on a much earlier version. Ray From: Sergio Alvarez [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM

Re: [FW-1] VPN-1 Edge issue

2006-09-07 Thread Ray
192.168.10.x is the default internal network, if I recall. I wonder if something quirky is going on there. Is there any chance that the DMZ interface is also using that subnet? Ray From: Sergio Alvarez [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST

Re: [FW-1] Nokia IP130 is a piece of junk to run NGx

2006-09-08 Thread Ray
They're no different than any other vendor. Check out the minimum specs for Windows XP: 233 MHz processor 64 MB of RAM minimum (300 MHz and 128 MB or higher recommended) http://www.microsoft.com/windowsxp/pro/upgrading/sysreqs.mspx Ray I guess what I am trying to say here

Re: [FW-1] Nokia IP130 is a piece of junk to run NGx

2006-09-09 Thread Ray
Agreed. Maybe Microsoft will buy them. :-) Ray From: cisco4ng [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] Nokia IP130 is a piece of junk

Re: [FW-1] Nokia IP130 is a piece of junk to run NGx

2006-09-10 Thread Ray
My Connectra test box is a 366 MHz 256 MB box. It takes about five minutes to boot up and about ten to fifteen minutes to push the policy using the built-in GUI. It runs SPLAT as well, but supposedly a different version than FW-1. Gees, we do have some lame test systems, don't we? Ray

Re: [FW-1] Nokia IP130 is a piece of junk to run NGx

2006-09-10 Thread Ray
minutes to push a small policy across a slow WAN link. Ray it takes like 10-20sec to push the policy, comparing to r55 which took a lot less. usually, i expect it to take less, since ngx is an improvement over r55.

[FW-1] New Connectra security hotfixes

2006-09-17 Thread Ray
http://www.checkpoint.com/downloads/latest/hfa/connectra.html There are patches for the v2, R60 and R61 versions of Connectra to remedy some issue with OpenSSL. See http://www.openssl.org/news/secadv_20060905.txt for the details. Ray

Re: [FW-1] I need help ASAP regarding IPSO 4.1 build 016 and NG Feature Pack 3

2006-09-21 Thread Ray
Point when running FP3 HFA 325? Just because it doesn't generate any errors during the installation doesn't mean it will work as designed. If there's a breach for any reason and your company is running mismatched versions, heads will roll even if the version mismatch wasn't the cause. Ray

Re: [FW-1] Question about outgoing rules...

2006-10-03 Thread Ray
Hi Joe, TCP 446 or TCP 445? I'm not sure what you mean by get out. Do you mean you have clients on the Internet connecting to an internal server and something is getting blocked? Ray From: Joe Demarest [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1

Re: [FW-1] Migration of Management servers

2006-10-07 Thread Ray
Hi Peter, I'm not sure what you're trying to accomplish. Migrate to what? Both servers? Combining both into one? Move to a different OS? Are the servers named the same or is it just that you have duplicate object names on each server? Thanks for any clarification you can give, Ray From

[FW-1] NGX R62 released

2006-10-12 Thread Ray
It was listed in Software Subscriptions today. You have to order a CD but the documentation is online. Ray

Re: [FW-1] NGX R62 released

2006-10-13 Thread Ray
Click Upgrade kits under Quick Links. Don't go into SS. Ray From: no-need to-list [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] NGX R62 released

Re: [FW-1] R55 Smartview Reporter showing blank when filtering by username

2006-10-13 Thread Ray
their CN= line from the certificates tab into the clipboard. Then paste it into the User field filter and it will work fine. I have to do this for both SmartView Tracker R55 and SmartView Reporter R56. It's documented in some obscure document. Ray From: Neil Kemp [EMAIL PROTECTED] Reply

Re: [FW-1] SV: [FW-1] NGX R62 released

2006-10-15 Thread Ray
What's odd is that the IPSO wrappers are made available for download. Maybe they come too late for inclusion on the CD? It certainly is a pain, in any event. Ray From: Hugo van der Kooij [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST

Re: [FW-1] DNS Doctoring(Cisco Feature) available in Check Point Firewall-1

2006-10-16 Thread Ray
external, are subject to way too much potential abuse such as cache poisoning. Ray A common scenario where you would use DNS doctoring is when you have a Public server on a DMZ and you would like for the machines on the internal network to be able to access it using its domain name, but using

Re: [FW-1] Checkpoint to ISA 2004

2006-10-18 Thread Ray
as a new feature in ISA 2004. :-) Ray From: cisco4ng [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] Checkpoint to ISA 2004 Date: Wed, 18 Oct 2006

Re: [FW-1] IPSO memory leak

2006-10-25 Thread Ray
% and the long term Voyager graph showed a slow increase over the past six months. A reboot took it back to 30%. When we went to Nokia's site, we saw the new build and its release notes. We upgraded IPSO to 3.9 build 56 and it's been holding steady at 30% for the past three weeks. Ray From

Re: [FW-1] fingerprint was changed

2006-10-27 Thread Ray
When I originally installed FP3 fresh in 2003, it installed a 20-year certificate. How old is their installation? Go to http://smartcenterIP:18264 and download the root certificate and look at its characteristics to see if that's what happened. Ray From: Sergio Alvarez [EMAIL PROTECTED

Re: [FW-1] R62

2006-11-03 Thread Ray
VPN-1 Power/UTM Release and HFA Version Comparison - Solution ID: #sk32083 lists HFA to version and it says R62 includes the fixes of R60 HFA04. Ray From: Jeremy Lieb [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST

Re: [FW-1] VPN 1 Edge question????

2006-11-15 Thread Ray
The Edges must be authenticated by a certificate to be managed, and that makes them no more dangerous than a certificate-authenticated remote access user. Ray From: no-need to-list [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST

Re: [FW-1] Connectra R61 ????

2006-11-15 Thread Ray
or corporate firewalls or hotel systems did the same. Since I put the portal and SNX both on 443 that issue has disappeared. Ray From: no-need to-list [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1

Re: [FW-1] Connectra R61 ????

2006-11-15 Thread Ray
defaulted to that slow Java rubbish, which R60 didn't do, and R62 lets you pick. R62 also lets you minimize the ActiveX SNX window automatically to the tray which is very user-friendly. It doesn't auto-minimize on IE 7 but works fine on IE 6. Ray From: no-need to-list [EMAIL PROTECTED

Re: [FW-1] Upgrade to R61 or R62?

2006-11-16 Thread Ray
be if you're passing VoIP SIP traffic. The R60 VoIP hotfixes are not available for either R61 or R62 yet. Ray From: Fred Katsumi [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST

Re: [FW-1] Upgrade to R61 or R62?

2006-11-17 Thread Ray
I think PRO = POWER Express = UTM I mainly need to be able to read Connectra logs in a real viewer rather than that web GUI beast. Being able to manage SmartDefense profiles on Edge boxes separately would also be a plus. I think I'm talking myself into R62. :-) Ray From: Fred Katsumi

Re: [FW-1] SV: [FW-1] SCV policy

2006-11-22 Thread Ray
to worry about the firewall being disabled. Ray From: Torkel Mathisen [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: [FW-1] SV: [FW-1] SCV policy Date: Wed, 22 Nov

Re: [FW-1] Checkpoint vs. Cisco ASA

2006-11-22 Thread Ray
This article won't help you change his mind, but it does show what could happen if you do switch. http://www.theregister.co.uk/2006/11/17/bofh_2006_episode_39/ Ray From: Sean Donaghey/HDGH [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST

Re: [FW-1] VPN X IP

2006-11-22 Thread Ray
configuration. Ray From: sec [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: [FW-1] VPN X IP Date: Wed, 22 Nov 2006 16:43:15 -0200 Hi, It's possible to configure

[FW-1] New Connectra Security Hotfix #3

2006-11-22 Thread Ray
Fixes a PHP problem and includes the previous security hotfixes. http://secunia.com/advisories/22653 http://www.checkpoint.com/downloads/latest/hfa/connectra/index.html Ray

Re: [FW-1] CP Secureclient NGX R60

2006-11-23 Thread Ray
Does your desktop security policy allow all [EMAIL PROTECTED] to receive DHCP services inbound? Ray From: Pooja P. [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM

Re: [FW-1] SV: [FW-1] SV: [FW-1] SCV policy

2006-11-23 Thread Ray
Yes. Or rather, that's the way I do it and my changes work. :-) The ipassignment.conf file is one of the very few I know of that must be modified on the gateway and not the SmartCenter. Ray From: Torkel Mathisen [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1

Re: [FW-1] CP Secureclient NGX R60

2006-11-27 Thread Ray
I won't be back at work for a few days to check for certain, but I think they just had DHCP in the name. Ray From: Pooja P. [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST

Re: [FW-1] Gateway allways in Encryption Domain?

2006-11-29 Thread Ray
are but the traffic you're using is getting accepted on an implied rule (which are always before the VPN rules)? It doesn't sound like it because of the group thing you're doing, though. Ray From: Markus Schmidt [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1

Re: [FW-1] Secure Client ghosted onto machines

2006-12-05 Thread Ray
sk16680 Delete HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\SecuRemote\5.0\OM Ray From: Jeremy Lieb [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: [FW-1] Secure

Re: [FW-1] OWA Outlook Web Access in DMZ...need access to Active Directory...

2006-12-19 Thread Ray
to the internal OWA server. I've got ISA behind FW-1 and that's how we do it. FW-1 is blind to SSL traffic, which is why ISA's ability to perform SSL termination is such a good addition. Ray From: Hugo van der Kooij [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1

Re: [FW-1] OWA Outlook Web Access in DMZ...need access to Active Directory...

2006-12-22 Thread Ray
, that is) :-) Ray From: no-need to-list [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] OWA Outlook Web Access in DMZ...need access to Active Directory... Date

Re: [FW-1] Checkpoint dns trouble

2006-12-23 Thread Ray
, and probably an overloaded CP tech support phone system on a short-staffed holiday weekend, could be a disaster for us with regard to our SLA's for downtime and for the business connectivity. Ray From: Sergio Alvarez [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1

Re: [FW-1] Checkpoint and Microsoft ISA Server 2004 transparent proxying

2006-12-30 Thread Ray
. :-) FWIW, Ray If you just have too many workstations, or adding the proxy configuration is just too complicated, why don't you just put the ISA Server between the LAN and the CP firewall? You can move the current internal IP of the CP to the ISA, put new IPs on the external ISA interface

Re: [FW-1] Checkpoint and Microsoft ISA Server 2004 transparent proxying

2006-12-30 Thread Ray
computers are using, you'll need to take into consideration how it finds the ISA server. HTH, Ray From: cisco4ng [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM

Re: [FW-1] SecureClient: Access remote client services

2007-01-08 Thread Ray
Do you mean for things like remote help desk access? What does your desktop security policy look like? We do this all the time. Ray From: Esteban Serrano Alvarez [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM

Re: [FW-1] SmartDefense CIFS worm?

2007-01-09 Thread Ray
those XP boxes off, it does go away, right? I think that's what you meant by your description of what happens after they're wiped. Ray From: Andrew Crawford [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1

[FW-1] R60 HFA05 - coming soon to a computer near you

2007-01-09 Thread Ray
While searching on Nokia's site, I found the release notes for R60 HFA05, which suggests it's imminent for public release. If you have Nokia support, search on r60_05 and you'll find them. 69 fixes, about 2/3rds of them are gateway fixes. Ray

Re: [FW-1] R60 HFA05 - coming soon to a computer near you

2007-01-10 Thread Ray
enhancements, it looks like the most stable combination will use R60 on the gateways if you need the management features in R61 or R62. Any comments on that point of view? Ray From: Gary Scott [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST

Re: [FW-1] SV: [FW-1] R60 HFA05 - coming soon to a computer near you

2007-01-11 Thread Ray
with ones for R60 and the VoIP fixes for R60 get rolled into all of the future HFA's for all variants, life would be good! Take care, Ray From: Torkel Mathisen [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM

Re: [FW-1] Policy compilation error after SmartDefence update

2007-01-12 Thread Ray
If you did a database revision on the policy push right before you updated SmartDefense, you can restore it and you'll get your old SmartDefense definitions back. I've gotten in the habit of doing this and making a comment of pre-SD update on it. Ray From: Artyom S. Davidov [EMAIL

Re: [FW-1] Secure Remote and Private IP conflict

2007-01-16 Thread Ray
? The computer connecting by remote access? How is an ISP router supplying addresses to the remote access computer? Ray

Re: [FW-1] Secure Remote and Private IP conflict

2007-01-17 Thread Ray
. Is this the same situation as you're describing? Ray No we don't have a MEP configuration but yes site A and site B have a site-to-site VPN. What do you mean by client? The computer connecting by remote access? How is an ISP router supplying addresses to the remote access computer

Re: [FW-1] Day light saving change in the US

2007-01-18 Thread Ray
to November 4. Yes, I am the point person for this issue for our company. :-) Ray From: Christian ALT [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: [FW-1] Day

Re: [FW-1] Secure Remote and Private IP conflict

2007-01-18 Thread Ray
SecureClient NGX R60 HFA01. If you're not using dynamic interface resolving, try turning it on. It fixed some other quirky problems we had. I definitely do not have their encryption domain set up in mine and I'm pretty sure they do not have mine in theirs. Ray From: [EMAIL PROTECTED] Reply

Re: [FW-1] Day light saving change in the US

2007-01-18 Thread Ray
of DST. Ray From: Liu, David [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] Day light saving change in the US Date: Thu, 18 Jan 2007 21:28:01 -0500

Re: [FW-1] Day light saving change in the US

2007-01-19 Thread Ray
I got a chance to look briefly at the release notes today. Both the later versions of 3.9 and 4.1 include the ability to customize DST rules via the command line interface. I did not look at 3.8.1 but I presume it's the same way. Ray From: Ray [EMAIL PROTECTED] Reply-To: Mailing list

Re: [FW-1] Changing IP addressing to cluster XL R55

2007-01-20 Thread Ray
DNS updates, particularly at the domain registrars if the authoritative servers will change as a result. Site-to-site VPNs - let the other side know Remote access - update sites Hosts files on the SmartCenter and gateway all come to mind. Ray From: Edouard Zorrilla [EMAIL PROTECTED

[FW-1] [Newsletter]: [FW-1] Connectra ICS scan bypass vulnerability posted on the Full Disclosure list

2007-01-22 Thread Ray
The article says a patch has been released, but it's not at http://www.checkpoint.com/downloads/latest/hfa/connectra/index.html yet. Note that while this apparently generates a false I'm OK result, you still need valid credentials to get logged on. Ray

[FW-1] New CP article on US Daylight Saving Time change

2007-01-23 Thread Ray
Compatibility with Daylight Saving Time introduced in 2007 Solution ID: #sk32456 Note that the release notes for IPSO say that CLI can be used to create custom DST rules. I didn't see anywhere that the new rules are in fact in place. So... Ray

Re: [FW-1] BSOD - help needed

2007-01-25 Thread Ray
What version of Windows and SP level? No, exceeding the license count is only supposed to generate log entries. I've never heard otherwise. The ML370-G3 is about three years old, isn't it? Have you tried running one of HP's firmware update CD's on it? Ray From: Bunyan, Chris - shb

Re: [FW-1] BSOD - help needed

2007-01-26 Thread Ray
. Ray From: Chris Bunyan [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] BSOD - help needed Date: Fri, 26 Jan 2007 10:15:52 - Hi Ray, No, I

Re: [FW-1] RPC over HTTPS for remote Outlook Access

2007-01-26 Thread Ray
Can you run it to the OWA server? I've always seen it run to the Exchange server itself. Are the clients on XP SP2? I think that's a requirement as well. Ray From: Millan, Raul [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST
