I installed CKPFW v.4 trial verson on Solaris. After a while I upgraded
to a registrerd license. With putlic etc I registered the license and
everything seemed to be in order, but when the trial versin outdated the
registered version did not "take over". The machine "locked".
The trial versin
Hi all,
can you recommend any reference docs before seperating
logs and management into different systems in 4.1-SP2.
thanks in advance.
regards.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 15, 2000 10:59 AM
To: stcost - Steve Costaras
Hello
Does anybody know what is the problem when you go to install the policy on
FW-1 v4.0 running on Solaris 2.6 you get
Incorrect reply from server (seq or subject mismatch)
and the policy is not compiled and installed.
(:=)Think Globally Act Locally(=:)
(-:
The reason why this is happening is because it is timing out.
I had the same problem.
The quick fix is to go into your GUI, and delete most of your old policies
(leave a handful of the most recent ones just in case you ever have to roll
back).
Once you save the changes, you will not see the
To: Valued Comcast @Home Customer
Section 6 below is the pertinent one
See also: http://www.comcastonline.com
From: Comcast Online Communications [EMAIL PROTECTED]
Date: Mon, 14 Aug 2000 11:27:19
Subject: Updates to Your Comcast @Home Subscriber Agreement
VIA EMAIL
RE: Updates to Your
What build of E-safe are you on? Build 100 is not stable and you should go
back to 99 if you are on 100.
-Original Message-
From: Mario Toma [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 15, 2000 6:59 AM
To: #Checkpoint; [EMAIL PROTECTED]
Subject: RE: [FW1] [FW-1] eSafe CVP hangup
hello all
I have currently 4 prod fw and i would like to add a new one. I want to add
it to the management station using fwconfig (remote modules) but I dont want
to re-run a putkeys for all other firewalls. If i run the fwconfig and add
the new fw will i need to run a putkey on all the
We have had nothing but bad luck when attempting to use FW-1 4.0 SP6
(Solaris) in conjunction with eSafe PG 2.1 build 100. The issues we have
started occurring after FW-1 4.0 SP6.
We moved the eSafe server to version 2.1 build 99 and *all* of our problems
went away. eSafe works as
You don't have to run putkey on all fw. Only on the new one. Add the new fw
running fwconfig and then run putkey on both the new fw and on the
management station.
Victor Barrientos
Tivoli certified Consultant
RSA Security Certified RSA ACE/Server Engineer
Tel: 54-11-4819-3903
Fax:
Hi,
Block all traffic to the following nets:
IP: 208.178.163.56 mask: 255.255.255.248
IP: 208.178.175.128 mask: 255.255.255.248
IP: 208.49.239.240 mask: 255.255.255.240
IP: 208.49.228.0mask: 255.255.255.0
IP: 208.184.216.0 mask: 255.255.255.0
There are
I have 2 nokia 650s, but one of the has time zone GMT, the other GMT+3How
to change timezone setup so that logviewer shows the correct...The dates on the boxes
both are set the GMT+3 but logviewer shows different dates...Thanks for your help
I have 2 nokia 650s, but one of the has time zone GMT, the other GMT+3How
to change timezone setup so that logviewer shows the correct...The dates on the boxes
both are set the GMT+3 but logviewer shows different dates...Thanks for your help
I have 2 nokia 650s, but one of the has time zone GMT, the other GMT+3How
to change timezone setup so that logviewer shows the correct...The dates on the boxes
both are set the GMT+3 but logviewer shows different dates...Thanks for your help
Dumb question, but you *did* create the /usr/ucb directory before
linking to it, didn't you? (I can't remember off the top of my head,
whether or not it's created on a default Solaris install). If that link
does truly exist, and the link itself works, then your problem is
probably due to the
Thanks, Jason and all the kindly responses. I get my info from "fw log". It
works.
-Original Message-
From: Jason Witty [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 15, 2000 7:44 AM
To: [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: RE: [FW1] logviewer slow response
Ever use the
Has anyone seen the following error :-
fwopaque_destroy: bad magic number 782228 in opaque 77d758
I am trying to get encryption working between our central site and a remote office,
when I try to retrieve the CA from the remote office I get the above error, anyone got
any ideas.
Regards
Hello all,
how do I change the fwadmin password on a Solaris7 box, running CP2000? I
found the file fwmusers in the /opt/CPfw1-41/conf/ directory. It has the
user name and encrypted passwd in it but I am not about to edit the file.
And I cannot find anything in the Windows client...
Thanks!
Hi there,
I upgraded to 4.1 SP2 from just straight 4.1 over the weekend and started
having this little problem:
A firewall is located between my exchange server and the internal network.
I am forcing Exchange IS and DS services to use port 1200 per instructions
on phoneboy's site. I understand
I see this is for Unix systems. Anything in nt to do the same thing?
Jon Jackson
IS Manager
Coollogic, Inc
[EMAIL PROTECTED]
www.coollogic.com
ph 972-590-5700
fx 972-590-5725
Coollogic, Inc
-Original Message-
From: Simon Guo [mailto:[EMAIL PROTECTED]]
Sent: Tuesday,
http://www.phoneboy.com/fw1/faq/0099.html
Jeremy Finke wrote:
Hello all,
how do I change the fwadmin password on a Solaris7 box, running CP2000? I
found the file fwmusers in the /opt/CPfw1-41/conf/ directory. It has the
user name and encrypted passwd in it but I am not about to edit
Hi,
I'm running FW-1 4.1 SP2 on Solaris Sparc 2.6
I've found several error messages in my ahttpd.elg. Can anybody
explain these messages or point to some place where I can get more
information about it?
- Content encoding type not allowed
- Informing AVAIL(NULL) in av_client_session_end
-
Oooop, I mean sniffer (network analyzer)
Can anyone provide a short list of switches (fixed or small modular)
that one can open a port to run network sniffer on?
it seems like my 3com 3300 and nortel baystack 3500-xxT switch do not have
this function
Craig,
All the routing etc is good because I have set up test networks either side
and I can see each www test box.
This is also working with NAT enabled.
According to the Checkpoint book when a FWZ policy is enabled the install
message should have FWZ in it.
In fact the install message is
I am on @home here in Ontario, We are through Rogers Cable, which basically
is excite@home. They apparently don't have any plans as far as I can tell
to prohibit VPN access. I have yet to be able to speak with someone
regarding this. IF they decide to try and inforce this type of ban, how
check the time on your management console where the firewall logs.
-Original Message-
From: Cihan Subasi (Garanti Teknoloji)
[mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 15, 2000 10:30 AM
To: 'Fw-1-Mailinglist (E-mail)'
Subject: How to set time zone...
Title: RE: [FW1] @Home ban of VPN's
I read the email from them this morning. I fully plan on either getting this ridiculous stipulation removed or changing services. It is absolutely absurd for them to tell me that because I check my work email from home that I need to pay 5 times more for
Consider that alot of broadband Internet providers are moving to DOCSIS as
the
standard for their client modems and headend controllers.
With DOCSIS you have the ability to enable a 56bit baseline encryption
policy
which I know for a fact RoadRunner uses.
Perhaps the additional encryption of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-Original Message-
From: Valerie Leveille [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 15, 2000 12:55 PM
[...]
How many people are affected by this? If we cause enough
grief will they
take it out of their agreement.
[...]
The 3Com does, however the "Analysis port" can only sniff 1 port, the
"Monitor port" kinda useless. By the way, this is kinda off-topic.
-Original Message-
From: MIS [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 15, 2000 11:24 AM
To: FW1 mailinglist
Subject: [FW1] RE: running
Does anyone know where I can find a list for Sidewinder?
TIA,
Brian M
Frederick, Maryland
To unsubscribe from this mailing list, please see the instructions at
Hi, All. Does anyone know the port(s) or RPC number of IT/Operation of HP's
Openview?
Simon
To unsubscribe from this mailing list, please see the instructions at
If one enables "Encapsulate SecuRemote connections" for FWZ
on a FW-1 4.0 box, what is that actually doing?
I thought it would tunnel SR FWZ connections by encrypting the
original packet from the IP header all the way back, including
the payload.
Or does it just encapsulate/encrypt the packet
Hi All,
I need to choose the right Nokia model for a high speed internet link. Can
Nokia 440 configured in HA handle an Internet connection of DS3 or do I need
a pair of Nokia 650s.
Siddika
To unsubscribe
Setup: FW-1 4.0 SP6 on Win-NT WS 4.0 SP5.
How do I change this error message?
ERROR
FW-1 at "computername". Access denied.
This message is generated when user from the inside try to access the "BIG
BAD INTERNET" when they are not allow to do so!!! Rules for them to access
the Internet have
Hey folks,
Does anyone know what the following error mears. Having problems trying to
merge a 4.0 with 4.1 objects.C files.
thanks
baskar
# fw confmerge obj-new.C obj-old.C objects.C
: Syntax Errorne 3: ERROR: Bad format at name
Title: RE: [FW1] @Home ban of VPN's
I contacted @Home this afternoon--I had been scheduled for installation this week. Needless to say, I cancelled my order.
Bottom line is that they DO intend to implement a policy of banning VPN traffic over their network for @Home subscribers. How they
On Fri, 11 Aug 2000, Robert MacDonald wrote:
Now, with that said, your right, the firewall should add
this connection back to the state table. But I'm wondering
who is terminating the connection. What does the fw log
say happens to this connection(e.g. what happens to the
very next packet
Does anyone know if there are specific IP ranges associated with Comcast@Home?
We have several hundred SR users in the US and I'm sure most of them ignore
email from their ISP.. I'd like to run a report on our fw logs to get users
names that may be impacted by this new policy.
-Gary
Does anyone have any suggestions or tips on setting
up GateD on Solaris 2.6 for running OSPF, *and* making it work with FW1? I
have a basic implementation with one OSPF area in the gated.conf file and a rule
allowing authorized routerstosend their routing updates to the
Solaris machine
Yes.
Assuming MS Sql Server, make a rule that allows TCP-1433 from the Web Server
to the SQL Server.
-Original Message-
From: Dietmar Bussmann [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 15, 2000 4:28 PM
To: [EMAIL PROTECTED]
Subject: [FW1] ODBC through Firewall
Hi all,
is it
How do you strip different type of files in attachment?
what is the seperator between them?
I have tried , / space between different mine in
in the box Action2 of SMTP definition
but none work
To
I'm trying to implement Secure Client.
I have a test machine in the DMZ that I have a rule to allow HTTP to with
Encrypted Client.
I'm getting authenticated.
I get a decrypt log entry for FW1_pslogon.
I get a decrypt log entry for http,
then I have three log entries dropping http.
The page
Sorry about the subject.
Forgot to mention, I'm running 4.1 sp2 on gui, fw and manager.
Also, I am static natting at the firewall and the drops are for the real
address, the decrypt occurs on the private address.
Thanks
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
I have heard it is possible to setup logging to another machine. Is
this possible w/ the "Single Gateway" product? I can not seem
to find any documentation on how-to do this.
TIA
Chad Graham
begin:vcard
n:Graham;Chad
tel;home:602.431.
tel;work:602.431.8036 X308
x-mozilla-html:FALSE
What are those who use it finding wrt SecureClient?
My tests show that it is doing nothing more than
SecuRemote in my environment with my config.
I may be missing something, of course, but I can
not, at this time, demonstrate its enhancements...
Thanks, reply to me and I'll summarize to the
From what I have read on this list and elsewhere, the VPN ban is not an @home
thing but a COMCAST@home thing.. an ARIN search for Comcast resulted in a long
list none of which included any part of the 24.x.x.x network... :-(
-Gary
|+--
||
SecureClient also allows you to install a basic policy on the client PC
(provided you're licensed for it), thereby protecting that PC from the evil
Internet. That's about it...
Jason
At 08:12 PM 8/15/00 -0500, Shelton, Raymond A. wrote:
What are those who use it finding wrt SecureClient?
My
Come on , guys. They aren't really gonna BAN VPN's, they just don't want to
deal with the support calls
(I can't get my .. working through your network.)
Now they can point to a policy
Thomas Poole
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Thomas, I sincerely hope you are right. Unfortunately for me our CIO is a
Comcast subscriber.
-Gary
|+--
|| Thomas.Poole@gec|
|| its.ge.com |
|| |
|| 08/15/2000
Pls specify your SR build no?
--- Joe Delsol [EMAIL PROTECTED] wrote:
Can this SR Client connect to anything else via SR..
The test either needs
to be something that they could not normally do from
the outside or that you
can look in the log and see that it was done via SR.
I can
Dan,
I don't know if it's the most secure, but unless you're willing to use a
Nokia box, you don't have many options when it comes to OSPF.
However, support for gateD is virtually non-existent. If you feel
confident, you might want to try GNU Zebra
(http://www.zebra.org/).
It's much more
Absolutely.. Similiar said for other ISP's who do not want to deal with
personal firewall/ids logs. According to one Network Security Officer of a
major ISP. We just won't support the customer if they use x but will if
they use our VPN solution.. Hmm seems like they don't have their act
Yes, I did.
-Original Message-
From: Ilya Akinfiev
To: 'Daniel Law'
Sent: 8/16/00 12:51 AM
Subject: RE: [FW1] remote oracle client
Are you using encapsulation? I believe you have to, with NAT...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
Thanks Paul, I will try it out asap :)
Daniel
-Original Message-
From: [EMAIL PROTECTED]
To: Daniel Law
Sent: 8/16/00 12:21 AM
Subject: RE: [FW1] remote oracle client
Hallo Daniel,
I just found an info about SQLNet and SR in check points VPN handbook
CHECK POINTS VIRTUL PRIVATE
thanks
I installed the SUNWscpu package (which puts all the relevant binaries in
/usr/ucb).
and created the link to /etc/fwboot as described below
the installation was successfull without any errors.
timo
-Ursprüngliche Nachricht-
Von: Michael Miller [mailto:[EMAIL PROTECTED]]
Gesendet
Hi All,
When my WWW users get the error "Access Denied"
message in their browsers because my FW1 has freaked
out, I get the following message in ahttpd.elg:
No default track in properties
Anyone know what it is complaining about?
I searched phoneboy, but didn't find anything.
Thnaks --
The Cisco Catylist line have a span port option that
will allow you to mirror traffic from on port to onther,
or mirror all of the traffic from one vlan to a port.
Kevin
-Original Message-
From: MIS [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 15, 2000 12:34 PM
To: FW1 mailinglist
No I have just been troubleshooting myself.
The reason why I choose FWZ was in the past I have found it the easiest to
configure.
-Original Message-
From: Richard Garnett [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 15, 2000 10:22 AM
To: Tranfield, Jonathan
Subject: Re: [FW1] FWI
Even better. You can get it to sit on your ISP's line if
you want. We had one in to demo, and we placed it
on our frame line from our ISP and we were amazed
at how un-private out private line was. We saw traffic
from many different sites.
This was a unit that had a 'splitter' (for lack of the
59 matches
Mail list logo