.
Ray
From: Michael Schwartzkopff [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Checkpoint and MS ISA tunnel
Date: Tue, 9 Dec 2003 17:27:09 +0100
Hi,
anybody established a IKE/IPSEC tunnel between Checkpoint NG
employees and gigs of traffic each day, it goes off very infrequently,
probably less than once a wek, which surprised me. It does grab webmail
attachment viruses, so I know it's working.
Ray
From: Brad Pinkston [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED
Mode would prevent problems with their local subnet
being the same as yours.
Ray
From: Brian A. Bohanna [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] VPN Question
Date: Wed, 10 Dec 2003 17:34:11 -0500
Hmmm, SO
HFA313.
Ray
From: Moon, Curtis [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] VPN through NG FP3 HF2
Date: Wed, 10 Dec 2003 10:34:28 -0600
We are using NG FP3 HF2 on windows 2000 server. We have about 15 internal
work
pain referred to forcing people to use a virus-scanning proxy, not OPSWAT.
Ray Pesek, CISSP
From: Benny Czarny [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] SecureClient Antivirus question
Date: Thu, 11 Dec 2003
Did you se that this can be done with SecuRemote? I know SecureClient NG AI
has Visitor Mode that will allow this.
Ray
From: Israel Novelo Zel [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] VPN over port 80 ?
Date
Are you using Office Mode to feed WINS and DNS information to SecureClient?
Ray Pesek, CISSP
From: Eric Brouwer (Corporate DET) [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] NT domain functions over VPN
Date: Wed
with
the options and lockdowns you want.
Ray Pesek, CISSP
From: Justine Dumur [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] FW1 : SCV on NGAI
Date: Wed, 17 Dec 2003 17:24:45 +0100
Hello,
I want to disconnect my VPN
for a rollback just in case.
Resolution 17086: Known issues in FireWall-1 NG with Application
Intelligence and Resolution 18074: Steps taken during installation of FW-1
NG AI may cause Memory Leak are the articles. If anyone has any insight
into these issues, I'd appreciate hearing about it.
Thanks,
Ray
for an extended period
oftime even early in the morning.
Thanks for you comments,
Ray
From: Hannu Liljemark [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] R55 for Nokia released
Date: Sun, 28 Dec 2003 12:21:29 +0200
On Sat
What is the problem you're having?
Ray Pesek, CISSP
From: Rajveer Kushwah [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Port of Management Server in CHKPNT NG AI
Date: Tue, 30 Dec 2003 20:08:12 +0530
HI,
Can anybody
not connect to the management server from remote GUI clients.
Turned out that the management server needs a route to the EXTERNAL
interface of the enforcement module. The router lacked such a route even
though it had a route to the internal interface. Took a few weeks to figure
this one out.
Ray Pesek
address, which you can confirm with
arp -a again. The command may vary depending on the operating system. This
works for Windows.
Ray Pesek, CISSP
From: Alan Choyna [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1
See Check Point article sk2 for a hotfix that needs to be applied to NG
FP3, AI R54 and AI R55 management stations.
I did a search on R55 in preparation for an upgrade tomorrow and ran
across this article. The Edge tunnels apparently stopped working on January
1, 2004.
Ray Pesek, CISSP
I use SC and Office Mode pool IPs and force UDP Encapsulation and IKE over
TCP and the only home router that we have ever had an issue with is the
D-Link 614+.
Ray Pesek, CISSP
From: Shoval Tom [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL
.
Ray Pesek, CISSP
From: Steck, Steffen M. [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Recommended cable / dsl routers for SecuRemote
Date: Tue, 13 Jan 2004 16:48:40 +0100
Hello,
can anybody please tell me which cable
If I recall, and I may not, this popped up on the DNS BIND newsgroups when
Server 2003 came out. It had something to do with Server 2003 making the
packets too large and having to allow TCP through to make it work.
Ray Pesek, CISSP
From: O'Flynn, Derek [EMAIL PROTECTED]
Reply-To: Mailing list
In preparation for doing an FP3 to R55 migration tonight, I ran SmartUpdate
and it told me that SVN for R55 had an update released on Jan. 13th. I
didn't see any documentation on it. Guess I have to upgrade my R55
management server now. sigh
Ray Pesek, CISSP
Well, Nokia said not, even though they didn't know it was out. The IP530 is
now on SVN build 143 and the management server is on SVN build 142. The
whole FP3-R55 upgrade took about 20 minutes using SmartUpdate and there
were no issues at all.
Time to go home!
Ray Pesek, CISSP
From: Ray Pesek
.
In any event, it worked just fine like this.
Ray Pesek, CISSP
From: Robert Rutherford [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] R55 SVN Update - how?
Date: Thu, 15 Jan 2004 08:35:54 +
You shouldn't get any
), the
workload has to go up. IPSO keeps getting bigger as well. With 3.6 FCS13 and
3.7build32 images only, I'm at 69% of the boot partiton utilization. I used
to be able to keep three IPSO images on it.
I'd definitely bring it up to 512MB just to keep from having problems in the
future.
Ray Pesek, CISSP
even after you've
changed it so it's not a reliable indication of what it currently is. If
your firewll is at NG AI, then this isn't necessary as AI can set the MTU
dynamically.
Ray Pesek, CISSP
From: FW1 [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED
and that
didn't include the actual remote access software or hardware!
Our license for 500 users of SecureClient, which included the software
firewall, one vendor and one platform, and the remote access software came
to less money that just the software firewall system.
Ray Pesek, CISSP
From: Robert
What's df -k show for available space on wd0f (or maybe it's wdf0)? That's
the boot partition and you need at least 140 MB (14) of free space to
get IPSO 3.7b32 installed.
Ray Pesek, CISSP
From: Alan Choyna [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL
on how to boot into single mode. On the IP440, the command is
simply-s whereas on other platforms it isboot -s
Sorry if some of this didn't apply to the IP440. It seems to be a totally
diferent animal from other platforms bcause I keep reading except for the
IP440 in various documents.
Ray
I see a download for a boot floppy for the IP400 series on the same Nokia
page where you got the IPSO 3.7 image from. Or are you talking about
something different?
Ray Pesek, CISSP
From: Alan Choyna [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED
one was
used to originate the connection? There are only two static routes on the
IP530: One to the next hop router inbound and the default route out to the
next hop router between the IP530 and our ISP.
Thanks for any thoughts,
Ray Pesek, CISSP
in Office Mode. Click Ignore
to ignore this warning and connect. Click Disable to disable ICF for all
network connections now.
I clicked Disable and got a warning titled Internet Sharing Configuration
warning me that the change was to be made.
Ray Pesek, CISSP
You could just define a simple TCP service object with the ports as a range
(49500-50500). Ranges work as well as single ports.
Ray Lodato
617-578-3197
[EMAIL PROTECTED]
|-+
| | Russell Aspinwall
Are you asking about remote access VPN or site-to-site VPN?
Ray Pesek, CISSP
From: Javier Lara S. [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] the session time in a Nokia
Date: Fri, 23 Jan 2004 18:31:27 -0600
and we'll be upgrading it after
we make the move.
Thanks,
Ray Pesek, CISSP
_
Check out the coupons and bargains on MSN Offers!
http://shopping.msn.com/softcontent/softcontent.aspx?scmId=1418
address moving an enforcement module from one management server to another.
Any ideasa would be freatly appreciated!
Ray Pesek, CISSP
From: O'Flynn, Derek [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Managing two
In Connect mode, have them put in their certificate password and click the
View Certificate button after they type it in. Click the Change Password'
button and away you go!
Ray Pesek, CISSP
From: Helen Delany [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL
licensing at all.
I am not using Check Point Express, though. Seems to me I recall there being
some licensing issue with Express.
Ray Pesek, CISSP
From: Joe [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Upgrading from NG
Microsoft's clients don't really disable it. Any user can uncheck the use
default gateway on remote or whatever it says and get split tunneling.
Sorry, I don't know about SR. We use SC and the desktop security policy to
stop it.
Ray Pesek, CISSP
From: Ruiyuan Jiang [EMAIL PROTECTED]
Reply
, which is what UDP Encapsulation and IKE over TCP
fix. We force it for everyone, but we have SecureClient and can do that with
the packaging tool so they can't mess withthe settings.
Ray Pesek, CISSP
From: [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED
sk22767 should do it. I also believe this has been handled in the latest
version of SecureCLient NG AI R55.
Ray Pesek, CISSP
From: Justine Dumur [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] SCV timeout ?
Date
Thanks, Thomas. We got it running today using the same steps as you gave and
the old management server is getting formatted.
Ray Pesek, CISSP
From: Kunz, T [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] AW: [FW-1
I think Check Point's doc is behind the times. Don't know about the hotfixes
but I would suspect they are included. We went from FP3 directly to R55.
Ray Pesek, CISSP
From: Remi Sader [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED
And the trick is .
Push the security policy after editing ipassignment.conf
Ray Pesek, CISSP
From: Ray Pesek [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] ipassignment.conf - What's the trick?
Date: Thu, 29 Jan
Nokia and ask them.
Ray Pesek, CISSP
From: Luque Quiroga Federico [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1]
Date: Fri, 30 Jan 2004 12:22:28 +0100
Hi,
We had the following configuration:
Two Nokia IP380 boxes
. Is that correct?
Ray Pesek, CISSP
From: kypros Politis [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Problem with SecureClient
Date: Fri, 30 Jan 2004 17:01:59 +0200
Hello guys ,
I have the following scenario :
Lan:10.0.0./8
http://www.checkpoint.com/techsupport/alerts/h323.html - requires a software
subscription to get them.
Ray Pesek, CISSP
_
What are the 5 hot job markets for 2004? Click here to find out.
http://msn.careerbuilder.com/Custom/MSN
Do you have the cache password on desktop box checked? Can't remember the
exact wording.
Ray Pesek, CISSP
From: Shoval Tomer [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] saving securemote password
Date: Tue, 3
is there the corresponding
hash file. The replacement table.def file was there, however.
Anybody else run into this? We've never made any modifications to base.def.
Ray Pesek, CISSP
_
Check out the coupons and bargains on MSN Offers!
http://shopping.msn.com
Might be Global properties, but I can't remember and I won't be at that
office today.
Ray Pesek, CISSP
From: Shoval Tom [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] saving securemote password
Date: Wed, 4 Feb
Thanks, Guy. I was going to do a file compare to see if anything had
actually changed, which I presume it must have otherwise there wouldn't be a
reason for a new version, but it was a bit difficult with only one file.
:-)
Ray Pesek, CISSP
From: Roelandts, Guy [EMAIL PROTECTED]
Reply
station's default gateway pointed at the router, things broke because there
was no route to the external interface.
Ray Pesek, CISSP
From: Bill Mathews [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] NG With AI on Nokias
I think you can fix this in SmartDefense in AI instead of base.def. At least
R55 has a checkbox you can un-check. I'm pretty sure R54 does as well from
my past reading.
Ray Pesek, CISSP
From: Oeztuerk Kerem [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED
and it takes a long time to
install a policy. If you install a minimal policy, say about three rules,
does it still happen? How many objects are defined?
Ray Pesek, CISSP
From: Bill Mathews [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL
and you followed the recommendation, your backups broke as a
result.
Ray Pesek, CISSP
From: Simon Ashford [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Disabling certain Firewall-1 control connections ports.
Date: Thu, 5
You know, it kind of bothers me that all of these articles claim the issue
is in the HTTP security server as well as the AI component and that an
exploit has been developed, yet the Check Point article says it's
theoretical and only affects the security servers.
I wonder who is correct?
Ray Pesek
are idential
to that of the Windows 2000 management station, which is no modifications.
It recommended I not continue, so I didn't. Has anybody seen these issues?
Thanks,
Ray Pesek, CISSP
_
Choose now from 4 levels of MSN Hotmail Extra
That's comforting to know. I was going to back up user.def for some reason
and then go for it.
Thanks,
Ray Pesek, CISSP
From: Brendan Laws [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] HFA R55 01 problems
I think R55 is good for 2003. Any reason you can't go R55?
Ray Pesek, CISSP
From: [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] NG-AI SmartCenter Server on Windows 2003 Server?
Date: Mon, 9 Feb 2004 16:54:03
of uncertainity for
us.
Ray Pesek, CISSP
_
Let the advanced features services of MSN Internet Software maximize your
online time. http://click.atdmt.com/AVE/go/onm00200363ave/direct/01
If you're not aware of it, you can put the management station on R55 and
have it manage R54 enforcement modules without any problems..
Ray Pesek, CISSP
From: [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] NG-AI
If you're switching between a LAN NIC and SR without rebooting, or dial-up
LAN, etc., the routing table on the computer is probably the culprit. They
get confused when you do stuff like that because they think the old route is
still available.
Does SmartView Tracker show anything?
Ray Pesek
Unfortunately it seems some routers just won't work. We ended up replacing a
Dlink 614+ with a 714+ and all of the connectivity problems vanished.
Ray Pesek, CISSP
From: Girard Moussa [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED
SecureClient traffic biut it still shows all of it,
including the user whose name is now not.
It did this in FP3 and is still doing it in R55. Can anyone else confirm
this behavior, or that it works for them, when using ICA user certificates?
Thanks,
Ray Pesek, CISSP
box.
We also beat it into our employees to look at the tray icon after
connecting. We tell them that if they can see the keyhole in the padlock
after they think they are connected, something is wrong.
Ray Pesek, CISSP
From: José María Gabaldón [EMAIL PROTECTED]
Reply-To: Mailing
Nokia has changed that position and now reports 3.7.1 as OK for NG AI R55,
Ray Pesek, CISSP
From: Bank, Albert [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] FP3 to R55: vpn woes [Virus checked]
Date: Fri, 20
When R55 was released, the notes for it and for 3.7.1 had a big message in
red letters that only 3.7 build 32 was supported for R55 and that 3.7.1 was
not. A month or so later they revised the notes to say 3.7.1 was now
supported.
Ray Pesek, CISSP
From: Demetrio Leon Guerrero (DLG) [EMAIL
What process is going to 100%? We had lhttp do it (http security server) and
we weren't using it, so we commented it out. Once we moved from FP3 to R55 I
re-enabled it and all has been well. I think this issue was resolved in FP3
HF2 HFA20 or so.
Ray Pesek, CISSP
From: Michael Schwartzkopff
Nokia has a KB article on this saying it is a benign message and will be
suppressed in a future revision.
Ray Pesek, CISSP
From: Jimmy Rodriguez D. [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] FW-1
It counts the number of people in the user group authorized to logon to the
policy server.
Ray Pesek, CISSP
From: Croft, Ed [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Counting number of Secure Client licenses
.
Ray Pesek, CISSP
From: Justine Dumur [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Counting number of Secure Client licenses used
Date: Sat, 28 Feb 2004 17:23:34 +0100
I'm asking the same question as Ed, where
If you try to traceroute from your desktop to one of their IPs, does it head
to the firewall or to your remote office? That will tell you if it is the
problem.
Ray Pesek, CISSP
From: David Wellington [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED
Well, that's good in that the routing is correct (it's heading to your
firewall and not your remote office). From your desktop, can you ping the
internal interface of their firewall?
Ray Pesek, CISSP
From: David Wellington [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
When you find the answer, please post it, because I'm looking at SecureID
myself...
Thanks,
Ray Pesek, CISSP
From: Mark E. Smith [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Counting number of Secure Client
Have you tried using MTUAdjust on the client to drop the MTU to 1300 or so?
Ray Pesek, CISSP
From: David Strom [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Odd SecuRemote behavior by WinXP Pro
Date: Thu, 4 Mar
the local.scv file on the laptop is not obscured in any way and he
could open it and see what you're checking for.
Ray Pesek, CISSP
From: Brett, Gary [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Secure Client Abuser
box never showed up again. I don't see any reason why you
couldn't put it in the desktop policy, though.
HTH,
Ray Pesek, CISSP
From: Brett, Gary [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] SecureClient - Outlook
release of FW-1. The other good news is that the security servers are
supposed to be replaced by kernel operations in a forthcoming release as
well.
Martin, make sure you are also blocking the P2P service group outbound as
well.
Ray Pesek, CISSP
From: O'Flynn, Derek [EMAIL PROTECTED]
Reply
No, that wasn't mentioned at the InterSpect seminar. Good to know they're
planning it, though.
Ray Pesek, CISSP
From: Martin Blankestijn [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] How to block Kazaa
by firing up SecureClient on the LAN
on my desktop and performing the steps above. It's definitely a
FW-1/SecureClient issue and not an Exchange issue.
I'm at my wits end. If anyone can lend a suggestion, I'd sure appreaciate
it.
Ray
_
Get
OpenSSL fix.
Ray
_
FREE pop-up blocking with the new MSN Toolbar get it now!
http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/
=
To set vacation, Out-Of-Office, or away messages,
send
Make sure you go right to HFA02 for R55 as it fixes a problem with Edge and
Safe@ boxes not being able to create a tunnel after Jan. 1, 2004. There's
also a hotfix for that problem, but you're probably better off going
straight to the hotfix accumulator.
Ray Pesek, CISSP
From: Jason O'Donnell
From the internal interface or the external interface? When I do it, it's
logged on Rule 1, which is where I allow the admins to access the Nokia box
via https.
Ray Pesek, CISSP
From: Mark E. Smith [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED
Whoa, that's scary. this was from the external interface?
Thanks for the follow-up,
Ray Pesek, CISSP
From: Mark E. Smith [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Voyager Access - Default Rule
, we're seing a drop that says the Citrix connection violates a
unidirectional connection.
Ray
From: Hennessy, Robert [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] R55 HFA02
Date: Fri, 26 Mar 2004 11:06:17 -0500
Hi
experience.
Ray
From: Marsh, Richard [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Next version of Checkpoint firewall
Date: Mon, 29 Mar 2004 11:12:33 -0500
It's funny you mention that I am actually trying
There's new builds of IPSO to go along with it.
Ray
From: Joe Matusiewicz [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] New Open SSL Vulnerability
Date: Mon, 29 Mar 2004 11:35:13 -0500
Just saw this on another
Fixed. In Policy/Global Properties/Stateful Inspection, we had to check
Accept stateful UDP replies for unknown services.
Ray
From: Ray Pesek [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] violated unidirectional
HFA02 was showing DCE-RPC drops on
pseudo rule 998 and messing up Outlook.
Ray
From: Daniel Samaan [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Exchange and Outlook ports
Date: Tue, 30 Mar 2004 10:56:41 -0600
Can
, no
VPN connection. Kind of a chicken-or-egg thing. If you have a forced browser
home page, you could create an outbound rule to allow HTTP to it, even if it
is unreachable from the Internet. This is enough to trip the STSN page.
Ray
From: Brett, Gary [EMAIL PROTECTED]
Reply-To: Mailing list
iPass and it
needs to know the path to ConnSHApp.exe.
Ray
--- Brett, Gary [EMAIL PROTECTED]
wrote:
Thanks, do you know of any docs/whitepapers that
explain how to use the
SecureClient Packaging tool ?? and also, is this
function available for NG
FP3 ??? or is it an AI feature?
-Original
to the firewall, the [EMAIL PROTECTED] rule drops all HTTP/HTTPS packets.
Ray
From: Brett, Gary [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] SecureClient - Blocking web browsing
Date: Mon, 5 Apr 2004 15:13:55 +0100
Since that is a non-routable range, won't you have to NAT it?
Ray
From: Torkel Mathisen [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Problems getting trafikk from 172.27-range through
Checkpoint R55
Date: Mon, 5 Apr
to logon to the policy server, not by the number of actual
people using it. Is it possible you have users who do not have SecureClient
and that are in that group (since you only have 40 in SmartCenter, maybe
it's the Radius group)?
Ray
_
MSN
Just noticed it's posted. The release notes do not show any support for NT 4
or Windows 98 any more. This thing is very different in its look.
Ray
_
Persistent heartburn? Check out Digestive Health Wellness for information
permanently.
Ray
From: Ray Pesek [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] New R56 version of SecureRemote/SecureClient available
Date: Wed, 7 Apr 2004 22:03:59 -0400
Just noticed it's posted. The release notes do not show
.
Ray
From: Kingsley Chu [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] FW: Software Problem Escalation: Secure Client Policy
Server problem
Date: Thu, 8 Apr 2004 14:18:18 +0800
HOW CAN Checkpoint counts those Users
Nope, sorry. We're using SecureClient with Office Mode to beat the same IP
blues and have not seen this at all on our R55 IPSO 3.7 box.
Ray
From: Matt Arntsen [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] securemote
article sk15949 - I've seen this one mentioned often when the VPN
seems to be one-way.
Ray
From: Jim Burwell [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] NG FW-1 object w/ private IP...will VPN function ?
Date: Sat, 10 Apr
Turn off IKE property Supports key exchange for subnets and install the
policy.
From: J. Ruff [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] IKE Phase2 wrong subnet mask
Date: Mon, 12 Apr 2004 10:33:05 -0400
I've got a
firewall. I just let them drop.
Ray
From: Mateo Cabrera - Easynet SRL [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] SmartDefense ERROR
Date: Mon, 12 Apr 2004 15:44:11 -0300
guys:
Somebody knows exactly that means
I can tell you that if you install the R55 version of SecureClient and ICF
is running, SecureClient pops up an informative dialog box and gives you a
button to turn ICF off.
Ray
From: [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED
the enforcement module. If there is, I'd sure like to
know how to do it.
Ray
From: Bernardo Santos Wernesback [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] What happens to a Checkpoint Cluster if Management Server
Crashes?
Date
logs. Their logs indicated I had a network configuration
dialog box open during the upgrade, which prevented their Virtual Adapter
from installing. I don't recall it, but it's certainly possible.
Anyway, we did an uninstall, an R55 install and an R56 upgrade and
everything is working perfectly.
Ray
801 - 900 of 943 matches
Mail list logo