We want to round robin smtp to the cvp server to speed up the process. Is
there a way to create two cvp servers in the rule base and round robbin the
smtp traffic. We are running firewall on Nokia 650 boxes..
Kamran
-Original Message-
From: CryptoTech [mailto:[EMAIL PROTECTED]]
Sent: Saturday, December 02, 2000 1:00 AM
To: Chris H
Cc: FW1
Subject: Re: [FW1] 1 minute VPN Outages
Do you have any form of ntp synchronization going which could throw off the
ike
cookies?
Chris H wrote:
Not using
I use VRRP and it works great.
Kamran
-Original Message-
From: Neil Pike [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 30, 2000 6:40 AM
To: [EMAIL PROTECTED]
Subject: [FW1] Nokia HA options
What are people using on Nokia's for HA solutions (FW-1 only, no VPN
needed). VRRP?
Title: [FW1+vpn] VPN with pix and firewall 1
We
wanted to put the VPN gateway inside the firewall dmz so that we can protect the
vpn box from getting hacked. This way we can control what kind of traffic comes
at the VPN gateway from the internet. Since the only traffic coming out of the
Title: [FW1+vpn] VPN with pix and firewall 1
Hi
All,
Is there something
wrong with the mailing list. I haven't received any message for the past two
days.
Our
company has decided to use the Nortell VPN gateway 4500 box. Our VPN group
wants to put it outside of the
Title: [FW1+vpn] VPN with pix and firewall 1
Hi
All,
Our
company has decided to use the Nortell VPN gateway 4500 box. Our VPN group wants
to put it outside of the firewall on the Internat and directly connect the other
interface into the local network. Our VPN group has been told that the
Hi Guys,
We are running FW 4.0 SP4 and SP5 on our firewalls and management consoles.
The management console is on NT and firewall modules are on NT, Nokia and
Solaris.
I have two management consoles each managing 3 to 5 firewalls.
I am installing two new Nokia boxes with Checkpoint 2000 (FW
Hi All,
I have a script but it does not seem to work. I also need to automate the
script to
run every 60 minutes through some kind of cron job. Can you tell me what is
wrong with the script and how can I automate it. I would appreciate a quick
response.
Here is the script (restartmdq) I have
Hi All,
Any takers on this one
My platform is Nokia 650 IPSO 3.2.1
I need to automate a script that will kill the mail dequeuer (MDQ) every 2
hours. Can someone help me with this. I probably need to schedule it using a
cron job but I don't know how to do it.
Here is the script I got earlier
Hi All,
My platform is Nokia 650 IPSO 3.2.1
I need to automate a script that will kill the mail dequeuer (MDQ) every 2
hours. Can someone help me with this.
Here is the script I got earlier from this mailing list to kill MDQ but it
doesn't work for me. Can someone tell me what might be the
Hi All,
Our management has decided to use Nortel Contivity 4500 Extranet Switches
for providing VPN. They will connect one side of the switch to a public
address outside of the firewall and the other switch will be connected
directly into our private network bypassing the firewall. We use Check
Hi Folks,
Is there a way to control how much history is kept for commands entered on
the nokia box. I have a history of some 500 commands that goes as far back
as 3 months. Is there a way to limit it to only 50 or so.
I am
seeing strange network scanon an internalfirewall. The scan assumes
a source id which is not anywhere on our network and tries to reach class B
network (A.B.0.0) which is also not in our netowrk. I traced the problem to a
local director's MAC address. I called up cisco and they said it
check the time on your management console where the firewall logs.
-Original Message-
From: Cihan Subasi (Garanti Teknoloji)
[mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 15, 2000 10:30 AM
To: 'Fw-1-Mailinglist (E-mail)'
Subject: How to set time zone...
Hi All,
I need to choose the right Nokia model for a high speed internet link. Can
Nokia 440 configured in HA handle an Internet connection of DS3 or do I need
a pair of Nokia 650s.
Siddika
To unsubscribe
John,
You can use VRRP v2 for interface failure whereas, monitored VRRP circuits
are used for complete box switch over and it is the recommended choice.
Monitored VRRP is easy to setup and and eliminates creation of asynchronous
routes that occurs when only a single interface fail.
Look at
We are trying to implement Real Secure IDS and are unable to analyze the
traffic because of switched environment. Our network guys says because we
are using high end backbone and core switches we cannot give you a spam port
or place a hub. My question is how do other large companies implement
I investigated the problem further and the source and destination address
change slightly with same service and source port. It is one of our internal
firewall and when I sniff the traffic on other firewalls that interface with
the outside world I don't see any traffic from these sources. Here
Unless you need hot-swapable interface cards you are fine with IP440. I have
two pairs of IP440 and one pair of IP650 all configured in HA using
Monitored VRRP. I would go for IP440 and spend the extras on a good
intrusion detection server.
siddika
-Original Message-
From: Mark
excuse my spelling in the previous message
Your point number 2 is what happens when you implement Monitored VRRP, where
if one interface goes down the whole box goes down and the other box kicks
in.
-Original Message-
From: Brandon Applegate [mailto:[EMAIL PROTECTED]]
Sent: Tuesday,
Your point number 2 is what happens when you implement Monitored VRRP, where
if one interface goes down the who box goes down and the other box kicks in.
siddika
-Original Message-
From: Brandon Applegate [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 13, 2000 4:23 PM
To: FW-1-LIST
Where can I get "ntop" for Nokia
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 05, 2000 6:18 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [FW1] Bandwidth reporting suggestions
While MRTG is good for overall bandwidth
In my firewall, the http service is defined as protocol type URI whereas,
the https service is defined as protocol type NONE. Shouldn't it be the
other way.
If defining an http for port 81 should the protocol type be URI or NONE and
what should the protocol type be for https.
Thanks
siddika
I want to synchronize time on the servers behind the firewall via the
internet. Is it ok to allow ntp via the firewall into the internet for time
synchronization. What internet sites are recommended for time
synchronization?
siddika
-Original Message-
From: Oliva, Fabian J [Sprint]
Is it possible to define the same port for both http and https. I have got a
request from a user who wants to use
http 81/tcp
https 81/tcp
http 82/tcp
https 82/tcp
He will only use one (http or https) at a time and will switch the daemon
back and forth as needed by his users.
siddika
25 matches
Mail list logo