AW: [FW1] icmp service to allow mtu discovery

2000-07-06 Thread Hoffmann, Axel
Hi, AFAIK for mtu-discovery ICMP Type 3 Code 4 is needed (Fragmentation needed but DF set). If you allow "destination unreachable" inbound which is Type 3 it should work. regards, Axel Hoffmann System Engineer -- Eckmann Daten

Re:Re: [FW1] Core Solaris installation again

2000-07-06 Thread icakmakli
Thanks, it works. I hope, other modules including H.A. won't need any other package. Regards. Ihsan - On Thu, 6 Jul 2000 [EMAIL PROTECTED] wrote: > I am looking for Core Solaris 2.7 installation of fw 4.1 on Ultra 220, 250, > 420

[FW1] HW/SW recommendations

2000-07-06 Thread Thomas Nau
Hi, what hardware and software (Nokia vs Checkpoint) will you need to handle 1GigE line. There's no VPN involved. Will 2,3,... Sun's (dual CPU 450MHz or the like) be enough? Thomas == PGP fingerprint B1 EE D2 39 2C 82 26 DA A5 4D E0 50 35 75 9E ED == Thought you got rid of all

RE: [FW1] RADIUS Questions Answered

2000-07-06 Thread Dean Cunningham
Brian, can't remember if I passed this info on or not, but I have got some good support from MS people at the newsgroup microsoft.public.internet.radius and they definitely recommend going to sp6a cheers deanc > install both IAS updates from link below mcis first then sp6a > http://www.m

[FW1] Backing up NT firewall

2000-07-06 Thread Dennis Pasadis
I suggest you use Ghost or Drive Image to create an image of the hard drive and save it on a server that is backed up. In the event of disaster, you can reload the disk image in about about 15 minutes. The process works like this with Ghost: - you create a DOS boot floppy that can log into th

[FW1] RADIUS Questions Answered

2000-07-06 Thread Brian C. Kovatch
Gang, Thanks to everyone who replied to my RADIUS question. In the interest of summarization for all involved, basically, from the folks out here in the list, it looks like NT "Option Pack" RADIUS will work PROVIDED you have SP4 or less on the host with Option Pack on it. If you apply Servi

RE: [FW1] A point of principal

2000-07-06 Thread Wentzel, James (ITD)
I will give you my personal opinion to your questions. I personally like the way rules are processed in the Checkpoint firewall. It starts at rule number 1 and if this rule applies to the packet and action is taken if this rule does not apply it goes to the next rule. This is very easy to unde

RE: [FW1] Napster

2000-07-06 Thread Irwan Shahrin Ismail
Another thing to add is that if your internal users are using Hide NAT, they would be protected from external access anyway .. -Original Message- From: James Edwards [mailto:[EMAIL PROTECTED]] Sent: Friday, July 07, 2000 12:05 AM To: 'Sam Ghannadi'; 'fw-1-mailinglis' Subject: RE: [FW1] N

RE: [FW1] send mail in dmz

2000-07-06 Thread Irwan Shahrin Ismail
The rules you have set should be sufficient. The default gateway for the mail server should point to the firewall's DMZ nic, not the internal nic. e.g. If you have 192.168.1.x as the internal network (with 192.168.1.1 as the internal gateway) and 192.168.2.x as the DMZ network (with 192.168.2.1 a

RE: [FW1] send mail in dmz

2000-07-06 Thread Wentzel, James (ITD)
Norman, Has anything been entered into the DNS for the mail server? You will most likely need an A, PTR and MX record. Something like: Domain. IN MX 10 smtpserver.domain. Smtpserver.domain. IN A legal-IP-address And for the reverse DNS lookup Leval-ip-address.

[FW1] send mail in dmz

2000-07-06 Thread Norman Zhang
Hi, Can someone please tell me what rule that I have to set to enable my mail server (Exchange Server) to send/receive mail to/from the Internet? My mail server is in the DMZ, with a valid ip. I have set a rule that allow from any to the mail server through smtp, and vice versa. My default gatew

[FW1] Nokias support UDP Broadcast forwarding???

2000-07-06 Thread D H
Does anyone know if the Nokias support UDP Broadcast forwarding or, in Cisco terminology, a "helper addresses" for braodcast addresses? Here's the background info. Our Nokia 650 FW has a VPN DMZ, after the traffic is decrypted, it is routed throught he FW to the internal network. We are using

[FW1] A point of principal

2000-07-06 Thread Paul Messer
Dear All, someone please give me their opinions Our rule base has been left unattended for a little while...I know the in's and out's of creating rules and stuff like that...but I was thinking of a reorganisation Is it better to put all the accept rules at the top so that these are exe

[FW1] Odd PING from firewall

2000-07-06 Thread Fontelera, Jaime C.
My firewall is sending pings to 149.1.1.1 on a periodic basic. 149.1.1.1 IP address points back to PSINet ISP. Any ideas why? Thanks, Jaime To unsubscribe from this mailing list, please see the instructions

RE: [FW1] Scans on Ports 33435 through 33454

2000-07-06 Thread Dean Cunningham
Yep, can be from service providers that, when someone hits a webpage they host, they traceroute back to you to find out your physical location, then point you to the closest mirror of that site. Still worth a follow up email to the originating site if the scans are annoying you. I consider such b

[FW1] Arcserv Backup agent for Unix ?

2000-07-06 Thread Ryan Finnesey
Hi all     is anyone using the ArcServ backup agent for Unix to back up Checkpoint ?   Ryan V. FinneseyNetwork Administrator @tmosphere Interactive 1375 Broadway, 11th floor New York, NY 10018 212 827 2507 phone 212 827 2525 fax [EMAIL PROTECTED]  

[FW1] Scans on Ports 33435 through 33454

2000-07-06 Thread Ms. Allen
Aren't these "scans" really traceroutes ? --- Karim Amrani <[EMAIL PROTECTED]> wrote: > Date: Thu, 06 Jul 2000 19:20:20 +0200 > From: "Karim Amrani" <[EMAIL PROTECTED]> > Reply-to: [EMAIL PROTECTED] > Organization: Cogelog > To: "Truszynski Carl G." <[EMAIL PROTECTED]> > CC: "'Checkpoint Maillis

[FW1] service dcom

2000-07-06 Thread emanuela.sacchettini
Hi, our customer needs to use the service 'dcom' for same application. This service uses a dinamic assignation of ports. Can someone help me for the definition of this service? thanks a lot regards manus To

[FW1] VPN from home with Cable

2000-07-06 Thread Perbix Michael
I have a network admin who would like to connect via their cbale modem to our network. what would the process be for that? I looked over a few Faq's but am unsure of the exact steps needed, does all the VPN stuff come with or is downlaodable from Checkpoint? Is there an extra cost? What else

[FW1] Backing up NT firewall

2000-07-06 Thread Perbix Michael
I want to be able to back up the NT firewall, since it is on it's own little domain etc, I can not use regular NT permissions to give the backupexec program access. Can I run the Backupexec agent on NT and give special permission to ONE server to access it via IP? Anyone have any other suggesti

[FW1] put key command - management console vs. firewall module

2000-07-06 Thread Waskley Wabbit
I have a question about the put key command. We recently inherited several firewalls being managed by one management server/firewall. Two of the sites are having timeout connections. Looking into the phoneboy faq: Failed to Install Security Policy, it explains that the module doesnt recongize the

Re: [FW1] Core Solaris installation again

2000-07-06 Thread Lance Spitzner
On Thu, 6 Jul 2000 [EMAIL PROTECTED] wrote: > I am looking for Core Solaris 2.7 installation of fw 4.1 on Ultra 220, 250, > 420 and 450 platforms. I use Lance Spitzner armoring documents on Ultra-5 > and 10 and it works fine. However, on above platforms FW installation gives > "segmentation faul

RE: [FW1] Odd PING from firewall

2000-07-06 Thread Thomas . Poole
1) Take a look at the route tables on the firewall and validate 2) Any dynamic routing protocols running the firewall? 3) Do you have control ip forwarding set on the management server? Since it seems to work fine when the firewall service is not running, why not remove ICMP from the implied ru

[FW1] icmp service to allow mtu discovery

2000-07-06 Thread D H
We might be having an MTU discovery problem, and I remember reading about this in the paper at: www.feelabs.com/~whitis/isp_mistakes.html Is there a predefined FW-1 icmp service which allows ICMP "too big" messages so that I can make sure I'm not breaking PMTU discover??? Background info: We

RE: [FW1] Telnet port timeout

2000-07-06 Thread Thomas . Poole
Since Telnet is a tcp based service, the default timeout for TCP is 3600 seconds (60 minutes) This is under policy/properties/tcp session timeout. Thomas -Original Message- From: Scott Becker [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 06, 2000 4:12 AM To: [EMAIL PROTECTED] Subjec

RE: [FW1] Napster

2000-07-06 Thread Thomas . Poole
This works only if local users are sharing on the default ports. Thomas Poole -Original Message- From: Eames, Joel E. [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 06, 2000 12:03 PM To: 'fw-1-mailinglis' Subject: RE: [FW1] Napster SOURCE - DESTINATION - SERVICE -ACTION int

RE: [FW1] primary IP-address

2000-07-06 Thread Thomas . Poole
I have gotten it to work either way, but CheckPoint may not support you if you do not license the external interface. ie- Best Practice would be to use external. Internal is obviously easier, especially if you may change ISP's... Thomas Poole -Original Message- From: Uy, Alex [mailto:[E

Re: [FW1] High Availability (Solaris and Nokia)

2000-07-06 Thread Bob Brandt
As mentioned in several of the replies to your post it was noted that Nokia's HA solution relies on VRRP, which provides failover, but not load sharing in an of itself. You can, as mentioned, configure "static" load sharing (i.e. one subnet uses one firewall as primary, and another subnet use

Re: [FW1] Scans on Ports 33435 through 33454

2000-07-06 Thread Cedric Amand
Hello Carl, TCG> I've recently been getting alerts from our firewall that pert 33435 TCG> through 33454 are being scanned repeatedly. Does anyone know of a site that TCG> lists ports used by Trojans and backdoors that I can use as a reference to TCG> check these out? this is probably j

[FW1] Core Solaris installation again

2000-07-06 Thread icakmakli
Hi, I am looking for Core Solaris 2.7 installation of fw 4.1 on Ultra 220, 250, 420 and 450 platforms. I use Lance Spitzner armoring documents on Ultra-5 and 10 and it works fine. However, on above platforms FW installation gives "segmentation fault- core dumped" errors. Regards. Ihsan Cakmakl

Re: [FW1] High Availability (Solaris and Nokia)

2000-07-06 Thread hermit1
Nokia's HA is VRRP (free), with a Monitored Circuit option (also free) to cause any/all interfaces - you choose which ones - to fail over whenever any one of them does. In my tests, it fails over in about 3 seconds, and fails back in about 6 seconds - not long enough for anyone to really not

Re: [FW1] High Availability (Solaris and Nokia)

2000-07-06 Thread Jack Coates
I'd suggest that you get Suns and a more scalable HA product, such as, oh, I don't know, Rainwall :-) Nokia's VRRP solution bears some very close resemblances to the HSRP protocol that it's descended from. It's a master/slave relationship which requires that one box be passively listening for th

Re: [FW1] RE: Firewall-1 Mailinglist Digest V1 #1270

2000-07-06 Thread Jason Witty
You've run out of kernel memory for the firewall state table. I'm guiessing your CPU load just wnet nuts too, right? Anyway, www.phoneboy.com lists the fix for this, which is to add the line: set fw:fwhmem=0x400 to your /etc/system file and then reboot. Actually phoneboy suggests a small

Re: [FW1] Scans on Ports 33435 through 33454

2000-07-06 Thread Karim Amrani
I use this one... http://www.simovits.com/nyheter9902.html HTH, Karim "Truszynski, Carl G." wrote: Hi all,     I've recently been getting alerts from our firewall that pert 33435 through 33454 are being scanned repeatedly.  Does anyone know of a site that lists ports used by Trojans and backd

Re: [FW1] Scans on Ports 33435 through 33454

2000-07-06 Thread Jason Witty
Carl, On my site, http://www.wittys.com/files/all-ip-numbers.txt is probably the list you're looking for. Off the top of my head, what you're seeing is traceroute (so long as it's UDP). Hope this helps! Jason "Truszynski, Carl G." wrote: > > Hi all, > I've recently been getting aler

RE: [FW1] High Availability (Solaris and Nokia)

2000-07-06 Thread Rob Cryan
The nokia platform is FreeBSD unix that is thinned out a bit. The HA option is using VRRP. I have implemented it and it works fine. Moving from Solaris to Nokia is not that difficult and will provide you with a few benefits. The Nokia platform tends to be slightly easier to config (for non-

[FW1] RE: Firewall-1 Mailinglist Digest V1 #1270

2000-07-06 Thread Moore, Bruce
Folks, Any ideas why I am getting these error messages on my Solaris, sparc, IOS 2.6 FW-1 v 4.0 with 256M memory. See error message below. excerpt from /var/adm/messages file... Jul 6 16:40:55 mcfw unix: FW-1: fw_init_xlation_tables: fw_xlate_set_tables fai led Jul 6 16:40:55 mcfw u

RE: [FW1] NAT doesn't always work on first octet

2000-07-06 Thread Maxi Tracy A Contr AFRL/SNOO
Thanks for your response. I have upgraded to SP5 (Build 4094). This did not effect the problem in any way unfortunately. Any other ideas? Thanks, Tracy To unsubscribe from this mailing list, please see th

[FW1] Scans on Ports 33435 through 33454

2000-07-06 Thread Truszynski, Carl G.
Hi all, I've recently been getting alerts from our firewall that pert 33435 through 33454 are being scanned repeatedly. Does anyone know of a site that lists ports used by Trojans and backdoors that I can use as a reference to check these out? ==

[FW1] High Availability (Solaris and Nokia)

2000-07-06 Thread John Loshbough
I am currently running our Firewall (version 4.0) on a Solaris 2.6 box and am looking to upgrade the hardware and software. Shortly after the hardware is upgraded I'll have budget to add a high availability option. One of our people went to a Nokia sales presentation and said that we don't

Re: [FW1] Management station configuration problems

2000-07-06 Thread Jason Witty
Check Point is usually pretty good about backwards compatability, but I've never seen a software manufacturer do firewards compatability Check Point would definitely say that your management console must be the most current - regardless of authentication, moduels change, object formats might

[FW1] 4.1 release notes

2000-07-06 Thread Hal Dorsman
Can someone please point me to the release notes for 4.1? I am having trouble locating them on Checkpoints site. Also any whitepapers on migration/upgrade issues and procedures, if available. TIA Hal Hal Dorsman Data Network Engineer Blackfoot Telephone Cooperative Missoula, Montana, USA [EM

RE: [FW1] Napster

2000-07-06 Thread James Edwards
If you have your firewall set up like most people, you have already done it. Most people are very careful about what they let in, only allowing certain services to certain machines and blocking everything else coming in. If this is the case, you have already blocked an external person from acces

RE: [FW1] Modifying Nokia Files

2000-07-06 Thread Samuel Wuethrich
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I've successfully created a directory under /opt/maintenance and put in a shell script doing some logswitch-stuff. Rebooting doesn't affect these (IPSO 3.1.4 and also 3.2). Nokia's installed ftp tool knows about .netrc, which could contain any macros

[FW1] Can some one please post the release notes for FW-1 4.0 SP6?

2000-07-06 Thread Eames, Joel E.
I'd like to see what was fixed / changes / broken. Thanks, Joel Eames -- Texas Children's Hospital Information Services Data Security Analyst -- (713) 770-4441 > -Original Message- > From: Eames, Joel E. > Sent: Thursday, July

Re: [FW1] SecuRemote question

2000-07-06 Thread Emmanuel LUCAS
As I said above on my first append, I have tried with 2 IP addresses in 195.x.x.x and the firewall log show me the good client IP address. So does it means that there is no address translation ? Cordially Emmanuel Lucas. - Original Message - From: Jim Brown <[EMAIL PROTECTED]> To: 'Emma

RE: [FW1] Napster

2000-07-06 Thread Eames, Joel E.
SOURCE - DESTINATION - SERVICE -ACTION internal-net any and 6699 allow anyinternal-network and 6699 drop That should do it. Joel Eames -- Texas Children's Hospital Information Services Data Security Analyst

[FW1] INSPECT code for Stateful ICMP (FW-1 4.0 or 4.1)

2000-07-06 Thread Jean Chouanard
Based on the existing code of Checkpoint, I have implemented as an example a stateful version of ping. Stateful ping mean that an ICMP echo-reply will be accepted *only* if the FW-1 have seen before an ICMP echo-request, if the src<>dst match the dst<>src and if the icmp-id and icmp-seq matc

RE: [FW1] Management of Multiple Nokia boxes from a NT platform

2000-07-06 Thread Barrientos, Victor
Yes, you can have defferent rule base for each boxes. Take care on Install On Field on Security Policy Tab Victor Barrientos Security Engineer Tivoli certified Consultant RSA Security Certified RSA ACE/Server Engineer Tel: 54-11-4819-3903 Faxl: 54-11-4811-7103 > Telefónica > unifon > www

RE: [FW1] Management of Multiple Nokia boxes from a NT platform

2000-07-06 Thread Rob Cryan
You can have an individual rulebase for each firewall and, yes, you can share the objects.C contents. You create a rulebase with a specific firewall in mind and then push it to the firewall in question. Repeat this for each firewall saving each rulebase with a different name. Alternatively you

RE: [FW1] SecuRemote question

2000-07-06 Thread Jim Brown
You're problem is most likely tied to the probability that your cable modem is performing some type of NAT on the client's IP address. Unless you can map those inbound UDP packets from the firewall to your client you will never be successful using SecuRemote. There is probably no address transla

[FW1] Napster

2000-07-06 Thread Sam Ghannadi
Hi everybody: Probably we all know how to block Napster for internal users, but how I can let the users to download from Napster but block Napster users to come in to our network. Thanks Sam Ghannadi To u

Re: [FW1] FW-1 memory leak issue!

2000-07-06 Thread Olaf Selke
According to Irene Cai: > > I am running FW-1 4.0 Build 4156 on Solaris 2.6 (SUN Ultra-60) > platform. Currently I have memory leak problem, the system free memory drop > significant daily. Does anybody there has similar problem. Please post > information or resolution. hoi, Build 4156 me

Re: [FW1] SecuRemote question

2000-07-06 Thread Emmanuel LUCAS
I am using SR Client build 4003 and my Firewall is v4.0 sp2 but It works using RTC or ISDN line ! The problem comes with cable modem. Cordially Emmanuel Lucas. - Original Message - From: Dallas Bishoff <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, July 06, 2000 4:26 PM Sub

[FW1] RE: move and upgrade rules

2000-07-06 Thread Trent
I'm happy to say that my upgrade yesterday was sucessfull. We upgraded to a new hardware platform and from checkpoint 4.0 SP1 to 4.1 SP1. old firewall = Solaris 7 (x86) checkpoint 4.0 SP1 new firewall = Solaris 7 Sparc checkpoint 4.1 SP1 here was the process i followed (in case your interested

[FW1] Management of Multiple Nokia boxes from a NT platform

2000-07-06 Thread John Hahn
I am setting up to manage three IP440's and one IP330. Can I have different rules.W files for each box or does it all need to be in one rules.W? I would assume it's one big inclusive objects.C Any pointers? John E. Hahn Sr. Distributed Products Analyst Fiserv CBS - Arlington Heights 847-956-575

[FW1] Management station configuration problems

2000-07-06 Thread Jason Murray
Okay, I've given up hunting for a solution. Likely I can't even do what I am trying to do. Here are the facts. I have a management server version 4.0 build 4094. It is using s/key between itself and two firewall modules (also version 4.0 build 4094). Everything is working fine. I am trying get

[FW1] FW-1 memory leak issue!

2000-07-06 Thread Irene Cai
Hi, I am running FW-1 4.0 Build 4156 on Solaris 2.6 (SUN Ultra-60) platform. Currently I have memory leak problem, the system free memory drop significant daily. Does anybody there has similar problem. Please post information or resolution. Thanks in advance, Irene ==

Re: [FW1] logswitch fails

2000-07-06 Thread declan mckibben
I just re-read res. 1988 on the nokia site and iut states that you'll always get a logswitch failed if the PFM is configured to log to another machine, eg. the management server. [which mine is - apologies] regards "Dameon D. Welch-Abernathy" wrote: > > I have never been able to get fw logswit

RE: [FW1] VPN-1 Module on Solaris vs NT?

2000-07-06 Thread Hal Dorsman
This is my biggest gripe with NT. You do not have any of the remote management capabilities. With NT you can't even telnet and access system resources let alone export the GUI to your local X server. Then there's the performance thing, and the frequent reboot thing, and the Micro$oft Monopo

[FW1] SecuRemote question

2000-07-06 Thread Emmanuel LUCAS
Hi, I have FW-1 installed on an NT box. I have an SeuRemote client installed on win98. When I connect to my Firewall using ISDN line or anologic modem all works fine (logon to NT domain, access network shared ressources and applications etc ...). Now I try to connect my FW using a cable modem.

RE: [FW1] primary IP-address

2000-07-06 Thread THELLIER, Francis (Kedros)
I'm not an expert, but I already had some troubles because I had chosen the internal interface, I've changed this to the external, and all was going better ! > Francis THELLIER > > -Message d'origine- > De: Uy, Alex [SMTP:[EMAIL PROTECTED]] > Date: jeudi 6 juillet 2000 14:52 > À:

[FW1] Modifying Nokia Files

2000-07-06 Thread John Banta
I have a question about the volatility of data on a Nokia box. I know that there are files that should only be edited from the Web-based GUI, such as the /etc/hosts. But there are many things that I wish to do that are not covered by the Web-GUI. For example, I have created a shell script tha

RE: [FW1] secure rm w2k

2000-07-06 Thread Eames, Joel E.
It's in the beta program at checkpoint's website. I'm sure you could get it if you signed up. Joel > -Original Message- > From: Chambers, Steven [SMTP:[EMAIL PROTECTED]] > Sent: Thursday, July 06, 2000 6:52 AM > To: '[EMAIL PROTECTED]' > Subject: [FW1] secure rm w2k > > > Is th

RE: [FW1] secure rm w2k

2000-07-06 Thread Kevin Lundy
Still in beta. I haven't seen an anticipated release date. -Original Message- From: Chambers, Steven [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 06, 2000 7:52 AM To: '[EMAIL PROTECTED]' Subject: [FW1] secure rm w2k Is there a securemote client for windows 2000 yet, And if so whe

RE: [FW1] primary IP-address

2000-07-06 Thread Uy, Alex
Hoang, what happens if you license your primary and secondary firewalls with an internal private address as oppose to a public real address? Could this be the reason why I'm having problems implementing VPN?? Alex Uy Net2000 Communications, Inc. Senior Network Administrator Phone Number (703)65

Re: [FW1] VPN-1 Module on Solaris vs NT?

2000-07-06 Thread Greg Polanski
I manage 7 gateways from one management station. The NT based gateways are the hardest to work with. The primary reason is the NT design which expects a keyboard, monitor, and mouse attached to each station. Everything is fine as long as everything is fine. Anything unusual requires a phone con

RE: [FW1] Anyone using Webtrends?

2000-07-06 Thread James Edwards
It is a two step process. First I do a logswitch and then a log export on the firewall machine. This gives me a comma delimited text file. Second, I ftp the files over to my database machine and load them into the database. All of this is automated. Check phoneboy's site for my scripts Hop

[FW1] secure rm w2k

2000-07-06 Thread Chambers, Steven
Is there a securemote client for windows 2000 yet, And if so where can I get it Thanks sc To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/servic

[FW1] Re: Primary address question

2000-07-06 Thread Ralf Günthner
Sorry, but since FW 4-0 I think there's no longer an immediate reason to associate the license with the external IP address. The technical problems arising from usage of another address in earlier versions have been resolved. So a more precise answer would be: The primary address is the one yo

RE: [FW1] nokia vpn installation problem

2000-07-06 Thread Tom Rowan
You need to add a hostname to IP address mapping into the hosts file.. DON'T do this by editing /etc/hosts your self! (it's a read only filesystem) Use the "Host Address Assignment" section of voyager. Tom > -Original Message- > From: Lau, Leng Fong [mailto:[EMAIL PROTECTED]] > Sent: T

RE: [FW1] Service PK 6 kills secureFTP ????

2000-07-06 Thread Chad House
Todd, Sorry if the message was confusing. My NT server was svc pk 4.0, I moved it up to 5, a requirement for Firewall-1 svc pk 6. I had been running the initial build of the firewall, but had to upgrade to svc pk 6 to solve a known issue. I will never place svc pk 6 on any of my server's

[FW1] nokia vpn installation problem

2000-07-06 Thread Lau, Leng Fong
Hi, I am new to this mailing list and the checkpoint fw. Pls pardon me if this problem has already been discussed. While installing fw ver4.0-SP4 on my Nokia VPN220, I always get the following error message: fw_ipaddr: cannot get my ipaddr Anyone knows what could be the cause o

RE: [FW1] primary IP-address

2000-07-06 Thread Hoang Ha
Hi the Primary IP address is the IP that will be IP address of external interface. This is IP address do you license. For your solaris system the Primary IP address is the first IP you defined while installed your system. Regards Hoang Ha At WEB site, http://www.phoneboy.com/fw1/, in QA ar

Re: [FW1] OS version for FW and proxy

2000-07-06 Thread Firebird
Hello Fang, For the server running FW-1, you should use Solaris 7, 'coz Solaris 8 isn't supported by checkpoint yet. It'll be later in this year, as I read ! Firebird - Original Message - From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, July 06, 2000 4:39 AM Su

Re: [FW1] OS version for FW and proxy

2000-07-06 Thread Sergio Rosa
[EMAIL PROTECTED] wrote: > Hi, all gurus: > > We are going to buy two Sun servers used for checkpoint FW-1 V4.0 and > Netscape proxy3.5. Anyone can tell me which OS version is better, > Solaris6, 7, 8? And we also want to install websense and antivirus > software on Prox

[FW1] Failed to load object in Setup.C

2000-07-06 Thread Azeem Usman Bharde
I am receiving following error on SUN Solaris; Failed to load object in Setup.C" "Setup.C", line 25: error cannot use : not in scope Any body has any idea HOw to solve this ? Azeem Usman Bharde To unsu

RE: [FW1] Radius integration with Firewall-1 on NT 4.0 server

2000-07-06 Thread Martin, Andy
Hiya, The reason I want to use Radius authentication rather than the ACE agent type thingy is that if you use the ACE authentication from the Firewall it Borks the VPN capabilities for secure remote users if you use ISAKMP which I want to use. The Radius authentication should work cant figure ou

[FW1] i would like to post you messages

2000-07-06 Thread Guy Gutman
 

Re: [FW1] logswitch fails

2000-07-06 Thread declan mckibben
The reason I was worried is the /var/log/fw.log was 20MB and had a modified date of yesterday. I think the bulk of the log came from when we played around with the ip440 in a standalone setting (ie. not in HA mode and not with a separate mgmt module). BTW, the remote logswitch also failed. I tri

[FW1] Moving FW-1 config

2000-07-06 Thread Nagu Sittampalam
Hello We want to move the existing config(objects, rules, policies etc...) on our FW-1 to a newer machine and wondered if anybody any recommendation. I am planning copying files from the conf directory on the old to new well as updating the license. (:=)Think Globally Act Loc

[FW1] Criteria/Features on selecting a FW

2000-07-06 Thread chiamcc
Hi alls, Does anyone have a check list or criteria list on selecting a FW. thank you chiam *** [This e-mail is confidential and may also be privileged. If you are not the intended recipient, please delete it and notify us immediat

[FW1] RE: [Summary]Private address space

2000-07-06 Thread Richard Ellerbrock
I have managed to find out what the problem was with private address space through the firewall. My anti-spoof setup did not take into consideration that the 172.16 range of addresses was internal to my network, so the traffic was dropped silently by Rule 0. I picked this up when trying to und

[FW1] Problem getting WINS in Securemote

2000-07-06 Thread Azeem Usman Bharde
Dear All, I m are facing problem which is below; I have upgraded FireWall 4.0 to 4.1 on VPN-1 RL500 Appliance. Also the Management Console which is on different NT machine is upgraded to 4.1. All exisiting services are working fine , such as Internet breowsing ,ftp etc. I am trying to confi

[FW1] Telnet port timeout

2000-07-06 Thread Scott Becker
Hi, How can i increase the Telnet port timeout to 40 minutes? Thanks Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com =