Hi there,
I'm currently experiencing a really strange problem with SecuRemote and
Firewall-1.
Here's what happens: I dial up to my first ISP using my Windows 98 PC and
attempt to access a server which is behind the firewall. The SecuRemote box
pops-up and asks for my username and password
Hello all,
I have one FW-1 management and 20 FW-1 modules on NT4 server. The wan is
ISDN between differents FW-1.
When the authentification fail between management consoles and FW-1 module
, the module try to authenticate every 30 seconds
(this is a normal) to the management console and so the
Hello all,
I have one FW-1 management and 20 FW-1 modules on NT4 server. The wan is
ISDN between differents FW-1.
When the authentification fail between management consoles and FW-1
module
, the module try to authenticate every 30 seconds
(this is a normal) to the management console and
I'm running at different customer sites using espg 21. build 101 on NT 4.0
SP6. Works well. May you can tell me off-line which problems you want to
point out.
As Mike already said, Esafe 3 is another story. 'Playing' with Esafe 3.0 it
seems that this version acts like a kind of Firewall because
Hello All,
we have Checkpoint 4.1 SP1 and we are using securemote to connect to our
internal LAN via internet. However, there are some laptops which are used in
office as well as home. I have bound the securemote to the dial-up adapter.
(OS is windows 98). When i am using the laptop in the
I am still having problems with this error message when attemtping to access
certain web sites through our Nokia, http://www.google.com is one good example.
Running IP 440 with V4.0 SP5 IPSO 3.1.2 and Websense 3.12.
I have tried the objects.C modifications in Nokia Resloution 3043 and also
hmm, i'm eval'ing websense v4 w/ fw-1 and it seems to work ok, but
that's another matter. you could also take a look at surfwatch or
surfcontrol (they're one company now, but i think they still support 2
different products) they're a bit different in that surfxxx uses a sniff
and spoof
Since the 4.1 sp2 software for w2k is still in beta, I would say that
checkpoint would not recommend this at all.
sp1 will not run on w2k correctly.
Thomas Poole
-Original Message-
From: Bob Bisignani [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 26, 2000 2:26 PM
To: [EMAIL
Title: Suddenly can't access to http
Hi there,
I am hoping someone there can give me some help on this problem I have.
My company firewall just upgrade to version 4.1 on August. The firewall also is a DNS server. It can't access to internet and it's happen twice, one on August and another
I agree with you Mike on all point,
we bought WEBSENSE and now just recently upgrade from 3.12 to 4.2 (Win NT
for Firewall-1) and it is working great. I never have the problem describe
in this list a few week's ago. It's working flawlessly for 1 mouth now (on
4.2).
Very satisfied with it and I
Hi all,
I have an existing v4.0 firewall installation. Going through the upgrade
procedure turned out to be a disaster, so we're going with plan B:
Install v4.1 from scratch.
So - we have an up-and-running working parallel v4.1 installation
sitting next to the original v4.0 installation. We
Title: RE: [FW1] Securemote Issue
I would suggest that you either make sure that SecuRemote is bound only to dial-up adapters or release the IP address from the NIC when you bring the machine home.
-Original Message-
From: Amit Saha [mailto:[EMAIL PROTECTED]]
Sent: Wednesday,
Howdy,
I'm trying to install the SecuRemote client on Windows 2000.
I downloaded the latest 4.1 SP2 client (build 4165) (which should
work according to phoneboy.com) but when
I run the installation program I get a message that the client
needs nt 4.0. Did anybody succeed in getting SecuRemote
Title: Nokia static route problem with rfc 1918 (private address space using 192.168.1.x)
While
I am not certain I suspect that IPSO doesn't like that address because .6 would
nominally be the broadcast address for that subnet. If you either
increased the subnet size or tried .5 or .4 it
Carl,
Are you referring to RFC1918 addresses? Technically
these are routable, but _most_ ISP will drop these(this
is where most say they are not routable.) But if they
originate from the ISP, they can do what they want. What
does your ACL's look like for blocking these? Should
be something
Hello,
Who got an installation procedure for CheckPoint 4.1 (or CheckPoint 2000) on
AIX
Thx.
To unsubscribe from this mailing list, please see the instructions at
I have been having a problem with IKE for a while. I have just realized
that it has to do with our remote firewall only.
I am unable to get IKE (3DES) encryption to work when attempting to encrypt
data across either the Internet or our Dedicated T1. I can see my end
encrypting, but the remote
Title: RE: [FW1] vpn problems
My suspcicion is that you do not have your encryption domain set up properly for the Linux to NT encryption.
From what you are saying there the following is happening.
Net A - NT - Internet - Linux - Net B
When you send a ping from Net A to Net B the NT FW
Title: URL Filters
I would recommend you to explore the following page where you
may find the links to thecontent filtering
tools:
http://www.rtek2000.com/Tech/InternetSecureLinks.html#filt
Also, you may want to bookmark the following link ifyou find it useful:
I've noticed that the Checkpoint download site only lists the
VPN+DES and VPN+STRONG (3DES) versions of the service
packs for Firewall-1 v4.0 on Windows-NT.
Previously, VPN (i.e. FWZ1 encryption) versions were also
available, but these are no longer listed. I assume that there
were also once
The standard SecuRemote is for Win9X and NT only. It will not run on Win2K.
In order to get the Win2K version which is in beta, you need to go the the
CP beta site and register and they will send you a version. The beta version
has been working here for two months sanse probs so far, so I
I would recommend you to explore the following page where you may find the
links to the multiple archives and FW-1 FAQ sites.
http://www.rtek2000.com/Tech/InternetSecureLinks.html
=
Best,
Roman M. Zeltser
RS Information Systems, Inc.
I am using the Syndefender features with FW-1. I am
seeing alot drops siting rule 0 and Syndefender. Does
anyone know any typical false positives for this type
of behavior ?
__
Do You Yahoo!?
Send instant messages get email alerts with Yahoo!
Hello,
Current we use the firewall to drop any Java and ActiveX. However we have
been forced to look at ways to allow Java and ActiveX but still protect the
network from malicous code.
My boss as dropped "Trend InterScan AppletTrap" which scans for malicous
code in Java/JavaScript and ActiveX
I think your 2nd option won't work. As far as I know one can have only 1 UFP
resource for a particular rule.
Jeroen
-Original Message-
From: Varnam, Gary [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 27, 2000 4:09 PM
To: [EMAIL PROTECTED]
Subject: [FW1] FW1 Trend Applet Trap
Why would you use SecuRemote on Windows 2000? I think that Win2k is
supposed to include a IPsec VPN client in the OS.
Amanda.
On Wed, 27 Sep 2000, Mike Glassman - Admin wrote:
The standard SecuRemote is for Win9X and NT only. It will not run on Win2K.
In order to get the Win2K version
(Shameless sales. Check Point monitoring
included. That's why I put it on this list.)
Do you monitor your system logs every week?
Every day? Every second?
We can. Your Check Point firewall and all of your
other application servers put some very important information in their
respective
It should say CVP Applet Trap not UFP. I will end up with a CVP Applettrap
and UFP Websense server.
Gary
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Sent: 27 September 2000 16:00
To: Varnam, Gary; [EMAIL PROTECTED]
Subject: RE: [FW1] FW1 Trend Applet Trap
I
The SecuRemote beta works fine here too. I'm thinking they might be waiting to
release the version for win 2000 with their firewall-1 5.0 which is coming out next
yr. Just a thought.
bj
To unsubscribe
Sure. SynDefender may drop packets if the timeout is too short. The timeout will
determine if the
firewall should perform a RST to the destination. After using it, I think passive
makes more sense
than active since the firewall doesn't "broker" the connection request on behalf of
the
How can I block this site live365.com
I tried blocking the ports it comes in on but it seems like they use 20
different ones.
Thanks
To unsubscribe from this mailing list, please see the instructions at
Find every IP the domain is associated with, group the IP's as 365domain and
drop all traffic destined.
-Thomas Poole
-Original Message-
From: Regis Phelan [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 27, 2000 11:16 AM
To: [EMAIL PROTECTED]
Subject: [FW1] Live365
How can I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
No kidding! ;)
I don't know what the heck they are waiting for? It seems to be
months and months between release clients too. It's quite
concerning.. Maybe they are going to wait until everyone's support
expires and then license the remote
Many
small-medium sized companies that it seems you are trying to target are also not
capable of hiring/maintaining a security staff. Most rely on a VAR to support
the firewall
Will
your company, along with handling logs, be able to handle change management,
setup VPN's, manage user
There is the matter of dynamic IPs
-Original Message-
From: amanda [SMTP:[EMAIL PROTECTED]]
Sent: Wednesday, September 27, 2000 9:50 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: [FW1] RE:
Why would you use SecuRemote on Windows 2000? I think that Win2k
No way they can wait until next year to support Windows 2000 with
securemote. I'm not sure what the deal is, but many companies are [sniff!]
moving to w2k prof as the support image/platform for remote support.
Companies I support are actually looking at L2TP.
I'd like to know what the holdup
How would I find that out?
Just take the ip's from the log? There are several.
Thomas.Poole@gec
I spoke to the one of the product leaders for the SecuRemote product and they still do
not have a firm date on when the client will be released. I think that is pitiful.
The RC2 client is a fully functional client with very few problems. It is actually as
reliable if not a little more than
I just setup a domain as .live365.com and blocked all access.
thanks
[EMAIL PROTECTED]
Check that the box has enough memory - sounds strange, but I've had only
HTTP traffic stop under solaris 2.6 for that reason.
Nick
-Original Message-
From: Gan Hian Ming [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 27, 2000 12:44 PM
To: [EMAIL PROTECTED]
Subject: [FW1]
I was wondering if
anyone else has experienced this.
I use FW-1 v4.0sp5
on NT4SP5.When users access websites using the FQDN of the site they are
often returned the IP address to the address bar of their browser. Some
sites have a big problem with this since subsequent browses to sub pages
I am trying to get a VPN Accelerator card installed and running in a Sun
Ultra 60 with Solaris 7. After installing the device, booting the machine
and getting to the OK prompt, running show-devs lists the device as
pcicafe,1@2. I understand this to mean that the Ultra 60 sees the card.
Then I
Greetings all,
Looking for advice on http content
filtering.
Actually, my prime objective is to deploy a
Unix-based proxy server that hasreal-time content
filteringthatcan report on NT user names, not just IPs. Am I
asking for too much in one product?
Any/all feedback appreciated.
It is in the getting started manual. (Just use smit to do the install - also
make sure that the OS version is supported before trying the install).
-Jason
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
Nicolas MIET
Sent: Wednesday, September 27, 2000
I'm noticing lots of entries in my logs destined for this port. The source
IP is 137.135.128.101 which belongs to Nortel according to ARIN. However,
the ARIN contact information is out of date. Does anyone know what this
port would be used for? I'm receiving at least one packet every 5
Our solution is not about replacing employees. This is not a management
software piece. It is about maintenance and notification. We will also
have the capability of pushing upgrades and service packs to all of the
machines in the future, but that is not our current goal.
Our company does
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
It runs fine, just follow the instructions. It was really simple as
long as you follow the instructions to the letter. ;-)
I also recommend getting service pack 2 installed once you have it
installed.
Make sure that your version of AIX is
From http://www.wittys.com/files/all-ip-numbers.txt , this is supposedly
"Reachout". Reachout is an application very similar to pcAnywhere,
Remotely Possible (Control IT), VNC, etc. Hope this helps!
Jason
"Jarmoc, Jeff" wrote:
I'm noticing lots of entries in my logs destined for this
Documentation I have says this TCP port is commonly used for ReachOut.
David C. Diemer, CCSA, CNE
Enterprise Security Firewall Engineer
Georgia Department of Administrative Services (DOAS)
[EMAIL PROTECTED]
404.651.9677
"Jarmoc, Jeff" [EMAIL PROTECTED] 09/27/00 02:23PM
I'm noticing lots of
Hi guys,
I just decided this afternoon to install SP2 on the Cp FW-1 v4.1
install we have on a Solaris 8 SUN station. Installing the FireWall was
quite easy, now I encountered the problem, after downloading SP2,
gunzipped an untarred it, that I couldn't find any doc on How to install
or
Hi All,
I have a script but it does not seem to work. I also need to automate the
script to
run every 60 minutes through some kind of cron job. Can you tell me what is
wrong with the script and how can I automate it. I would appreciate a quick
response.
Here is the script (restartmdq) I have
Are there any ports that need to be opened on FW1 to allow Site Server to
push and pull web content to/from the localnet to web servers on the
Internet?
Thanks, Michelle
_
Michelle Johnston
Network Manager, NHRA
2035 Financial Way
Glendora, CA 91741
phone: 626-914-4761 x256
It is just a simple pkg addition.
Marc Jacquard
SR. Systems Engineer
Fujitsu America, INC.
Hilo Office
email: [EMAIL PROTECTED]
Telephone: 808-934-4103
Pager: 888-787-5814
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
Firebird
Sent: Wednesday,
Hi-
Background: I'm not a firewall-1 administrator, I have a firewall which
is spitting out many errors and our FW-1 administrators don't know how to
fix it. So please be kind if this is a common question. I found the
archives but didn't see a search.
The in.lhttpd.log file is getting
Hi,
It is just a simple pkg addition.
So that's it, if I pkgadd the package, it will upgrade the FireWall ?
How easy... Is there no existing doc 'bout that ?
So long,
Firebird
To
Doesn't that open the gateway up? If you change to outbound then you're not
filtering what's coming in? You can only crank it up anyhow? Isn't there a
way to allow a particular object NOT to timeout?
-Original Message-
From: Gopinath Pulyankote [mailto:[EMAIL PROTECTED]]
Sent:
Title: RE: [FW1] Securemote Issue
If the
machine already has an address bound to any of its adapters that is inside the
encryption domain (as would be the case in the "take the PC home" scenario,
SecuRemote will never prompt for authentication at all, as it will assume that
encryption
Yup. You are right. I was thinking of the upgrade packages.
Marc Jacquard
SR. Systems Engineer
Fujitsu America, INC.
Hilo Office
email: [EMAIL PROTECTED]
Telephone: 808-934-4103
Pager: 888-787-5814
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
While we're on the topic of the Win2K beta, has anyone else with 4165
noticed a problem using the Windoze Outlook mail client (the full
client, not Outlook Express). Every time I press the send button, I
get a nice blue screen - something I haven't
Hi,
I'm trying to export my fw-1 logs to syslog using user defined alerts. In
the log alert tab in the properties window, I have user defined alert
command set to : /usr/ucb/logger -p 0.3
This worked fine in my fw-1 version 4.0 firewalls, but it is not working on
my 4.1 firewalls. They
Is there anyone out there using CheckPoint FW-1/VPN-1 on Redhat Linux?
Having troubles with it?
Please reply offline
Paul DeHerrera
Large Scale Biology
[EMAIL PROTECTED]
707.469.2357
http://www.lsbc.com
I've installed SP2 on several machines, and I've used "patchadd" - as
documented in the release notes (p.11).
At 09:57 PM 9/27/00 +0200, Firebird wrote:
Hi,
It is just a simple pkg addition.
So that's it, if I pkgadd the package, it will upgrade the FireWall ?
How easy... Is
Hi Guys,
I've read some of the lists archives about this but I'm still not 100% on
it. I am wanting to authenticate my internal network's NT users for web
access. The firewall (4.1) is a BDC in the domain. Am I correct in saying
that all i do is set the authenication rule to the OS for the www
Ok when im trying to connect to my management server from nt client im
getting this error, fwm: No license for client both on the client and on
the stdout on my solaris machine. Which license is it talking abnout ??
Ive already install the checkpoint fw license do I need a license for the
-- Forwarded message --
Date: Wed, 27 Sep 2000 19:08:04 -0500 (EST)
From: Rodrick Brown [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: CheckPoint Install Problems (2)
Ok when im trying to connect to my management server from nt client im
getting this error, fwm: No license
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-Original Message-
From: davidxs [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 27, 2000 4:19 PM
I have a problem
I need to connect my FW-1 4.0 to a remote firm's FW-1 4.1 via
VPN tunnet ala
ISAKMP
The other firm is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Small typo in a paragraph:
I meant:
The other firewall does the same. Same objects and rules (name
differently to avoid confusion). Now, packets with Src IP
192.168.1.0, dest IP 10.10.2.0 are translated on your firewall to src
10.10.1.0 dest
Does anyone know where I can get Checkpoint 3.0b firewall media?
Thanks
Rob S.
To unsubscribe from this mailing list, please see the instructions at
Anyone here know what could be causing this
After trying to connect to my management server from a nt gui client Im
getting this error.
Yes I added the nt client machine to the gui-clients conf file but still
im not able to connect. Anyone can assist me. I will really appreciate it.
# fwm:
Aloha,
First of all don't use csh for scripts. it just doesn't work.
Try this script
#!/bin/ksh
# uncomment one and only one of the following statements to set the pid
variable.
# the first is a Linux and the second is Solaris this script works on
either. with the
# correct ps statement
On Wed, 27 Sep 2000, Firebird wrote:
I just decided this afternoon to install SP2 on the Cp FW-1 v4.1
install we have on a Solaris 8 SUN station. Installing the FireWall was
quite easy, now I encountered the problem, after downloading SP2,
gunzipped an untarred it, that I couldn't find
I have this on 1 W2K box (out of 20+ that are running 4165 on W2K). The
only diff. with that box is that its been "upgraded" from the W2K beta
code (rest were clean installs with production W2K). When I get a chance
I'm going to re-do with a clean install and see if that helps...
Craig
You installed FW1 on a BDC? So your BDC is exposed to the Internet? Are you
nuts?
Try this, whip out SystemScanner 6.1 or SuperScan or whatever...
Port scan your firewall from the internet. Notice the ports you have open.
From the firewall, simulate a FW1 service failure"kill -f fw.exe"
Now
Rodrick,
From: Rodrick Brown [SMTP:[EMAIL PROTECTED]]
Subject: [FW1] Cant connect to Management Server.
Anyone here know what could be causing this
After trying to connect to my management server from a nt gui client Im
getting this error.
Yes I added the nt client machine
http://www.phoneboy.com/fw1/faq/0123.html
--
Timothy Frost mailto:[EMAIL PROTECTED]
EDS New Zealand Fax: +64-4-495-0473
8 Gilmer TerracePhone: +64-4-495-0504
P O Box 3647
Wellington
New Zealand
-Original Message-
From: Graham
Almost same as 4.0 except some details.(install dir, config command etc)
See detail at "Getting Started Guide".
PDF version is available in installation media.
/* IBM Japan,Ltd. */
/* IGS, e-Business Enablement Services / ERS-J */
/*
Has anyone upgraded to version 4.1 SP2 on VPN-1 while still using the
old client 4115 using FWZ?
Thanks
Bob
_
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Share information about
In regards to my previous email , After moving the FW1 gateway, I found out that my
license is hostid base and not IP, but I found the fwauth.NDD file to have inside of
it the old IP address of the Gateway Does anyone know how I can regenerate the
authentication file (fwauth.NDD), so I can
Hello,
I have a Firewall-1 version 4.1 in place that I would like to put
anti-spoofing rules onto.
I go to the firewall network object and edit the interfaces. However, I
only get a General Tab, there is no Security tab which is where I
expected to find the Valid addresses fields.
It has
Yes it does. I'm running NT 4 Server SP6a on my desktop and the GUI clients
worked great. I was having a filtering problem on my router and wanted to
capture some ftp packets to see what the problem might be. I installed Net
Mon 2 from SMS off the MSDN CD's we have (This version puts your NIC in
-Original Message-
From: MikeCC [SMTP:[EMAIL PROTECTED]]
Subject: [FW1] anti-spoofing on fw-1 4.1
Hello,
I have a Firewall-1 version 4.1 in place that I would like to put
anti-spoofing rules onto.
I go to the firewall network object and edit the interfaces. However,
Generally, it's not a good idea posting your CP serial # to
the mailing list I would think. You might want to sanitize
whatever info you post here, including ip addressing of your
network. Are we all white hats here?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
I have a Firewall-1 version 4.1 in place that I would like to put
anti-spoofing rules onto.
I go to the firewall network object and edit the interfaces. However,
I only get a General Tab, there is no Security tab which is where I
expected to find the Valid addresses fields.
Did you see
Does anyone have experience with SunScreen 3.*. and FW-1? Any hints on
good/bad points eg performance, pricing, licenses-stuff, vulnerabilities,
...
Thanks,
Thomas
== PGP fingerprint B1 EE D2 39 2C 82 26 DA A5 4D E0 50 35 75 9E ED ==
Thought you got rid of all year 2k
Hi!
I've been debugging the following setup for the last couple of
days:
policy pvt net pvt netinternet
server fw-1 A --- fw-1 B fw-1 C ---
The policy server is for all three firewalls (in fact, it serves
many more and in HA mode, but
found this on phoneboy.com. hope it helps...
---
Has only loopback (lo) interface, aborting...
Q:
When attempting to install a policy, I get the following error message:
Installing Security Policy foobar on all.all@firewall
Has only loopback (lo)
Hey Randall,
Yeah, I suppose keeping the /conf/ dir is sufficient to get my old
configuration (As I applied the patch, it made a tarball of this
directory. I'll first try to upgrade to SP2 since this is the one I really
need. Thank you for your help, I already thought to that, and I
Hello guys,
Ack... I just installed SP2 on the FW-1 v4.1 on Sol8 and rebooted the
machine. I now have a segfault :
| FireWall-1: Fetching Security Policy from localhost
| Trying to fetch Security Policy from localhost:
| Segmentation Fault - core dumped
Further error are :
| Has
One of the "trainees" in our office was given the task of installing FW-1
SP2 on a Solaris 2.7. I'm not sure how he installed it (because he wanted
to "try it without [my] help"), but he had the exact same problem.
My solution: I removed all of the Check Point packages he installed and
89 matches
Mail list logo
