understood your concern.
Ray
From: Piri McMullan [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Basic Licensing Question
Date: Sat, 12 Jun 2004 13:33:46 -0700
This is my first post to this list and am somewhat new to CP
behind the
gateway IP address?
That would work.
Thanks,
Ray
From: Joachim Bassmann [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Complicated remote access problem using an internal
firewall
Date: Tue, 15 Jun 2004 12:13
of the network, it's a host on that network.
Is there any way to add a NAT rule so that the IP Pool NAT network on B can
use Hide NAT so that it appears to be B's external IP address to our
internal network?
Thanks,
Ray
From: Joachim Bassmann [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall
Mine are central licenses on the management station so I can use them with
any gateway.
Ray
From: Schiavetta, Massimo [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] vpn licence question
Date: Wed, 16 Jun 2004 12:31:03
need to be using a Simplified policy and
msut use certificate authentication.
I've got SmartCenter Pro and just got SmartLSM fired up today. Are you using
LSM?
Ray
From: Stala [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1
applied HFA06 to R55 a few days
ago.
Any thoughts are greatly appreciated!
Ray
_
Check out the coupons and bargains on MSN Offers! http://youroffers.msn.com
=
To set vacation, Out-Of-Office
?domain=howcogroup.com
Ray
From: Devanney, Mark [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] DNS Zone Transfers
Date: Thu, 17 Jun 2004 17:08:38 +0100
Hi All,
Have problem with secondary dns servers trying to do zone
picked it up. We're
getting our first Edge box tomorrow and these fixes corrected some
Edge-related issues.
CSP might be some kind of Check Point partner/dealer program. I guess if we
have to ask, we don't have a need to know. :-)
Take care,
Ray
From: Simon Curtiss [EMAIL PROTECTED]
Reply-To: Mailing
I did'nt know about the backwards compatibility requirement, either. Our
Check Point SE is supposed to be at our local user group meeting this
morning. If I remember I'll ask him.
Thanks for reporting what worked,
Ray
From: Stala [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall
Hi Mark,
Did you push the policy after unchecking it? Are there any event log errors?
Ray
From: Devanney, Mark [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] DNS Zone Transfers
Date: Fri, 18 Jun 2004 15:02:31 +0100
it was and the
problem stopped. Go figure.
Ray
From: Russell Aspinwall [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] encryption failure: decrypted methods didn't match rule
(VPN Error code 03)
Date: Fri, 18 Jun 2004 13:31:38
on the secondary management station?
Any clarification would be greatly appreciated.
Thanks,
Ray
_
MSN 9 Dial-up Internet Access fights spam and pop-ups now 3 months FREE!
http://join.msn.click-url.com/go/onm00200361ave/direct/01
behind the Edge box, but when I try to ping the Edge
box from some of the subnets, but not all, I get a no valid SA error. I
now have a one-and-a-half VPN!
Ray
From: Stala [EMAIL PROTECTED]
To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: Re: [FW-1] VPN-1
Hi Rick,
What made you decide to go to 3.8? I didn't see anything compelling in it as
iread the release notes.
Thanks,
Ray
From: Rick Centner [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] NG FP3 Upgrade
Thanks, that's interesting news. I'll have to go re-read the release notes.
Ray
From: Rick Centner [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] NG FP3 Upgrade suggestions
Date: Tue, 22 Jun 2004 23:36:48 -0400
Hi
,
Ray
_
MSN Movies - Trailers, showtimes, DVD's, and the latest news from Hollywood!
http://movies.msn.click-url.com/go/onm00200509ave/direct/01/
=
To set vacation, Out-Of-Office, or away
the Install On column from * Policy Targets to the actual gateway that
the rule applies to.
When I had it as * Policy Targets, I got an error on Verify for every rule
that had a VPN Community specified in the if via column, even though they
were different communities.
Ray
Set block on unverified to true in the local.scv file. It's a global
setting, meaning that if any of the SCV checks are unverified, the
connection is blocked. They can connect to the gateway and get
authenticated, but they can't go anywhere.
Ray
From: Chontzopoulos Dimitris [EMAIL PROTECTED
Hmmm, that's a very good idea!
Thanks!
Ray
From: Tom Stala [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] VPN-1 Edge device
Date: Wed, 23 Jun 2004 09:22:35 -0400
I just created a new rule base and called it Edge
dynamic object I really
understand is using a DHCP external interface.
We're trying to replace frame connections with Edge boxes and not re-IP
anything.
Thanks for any help and guidance you can lend,
Ray
_
MSN 9 Dial-up Internet Access
in on the secret.
Thanks,
Ray
_
Make the most of your family vacation with tips from the MSN Family Travel
Guide! http://dollar.msn.com
=
To set vacation, Out-Of-Office, or away messages,
send
eveything down
the VPN. Is this just not possible in a mesh VPN or could it be done with a
static route somehow?
I dunno...
Ray
From: Ray [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Edge setup - getting close!
Date: Wed, 23
Nothing personal, Chris, but I hope that's wrong... :-)
Although I was leaning as to that being the answer. sigh
Ray
From: Chris Hoff [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Edge setup - getting close!
Date
but not back.
What firmware version are you on?
Ray
From: Stala [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Edge setup - getting close!
Date: Thu, 24 Jun 2004 20:57:44 -0400
I keep getting a problem with the encryption
Check out sk23166. It says the VPN certificate on the firewall object is
corrupt. Is this affecting just one client or all of them? If all of them,
this might be the answer.
Ray
From: Michael Halligan [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED
No. What kind of problems?
Ray
From: Michael Schwartzkopff [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Problems with SecureClient and Internet Explorer?
Date: Fri, 25 Jun 2004 08:51:16 +0200
Hi,
Did anyone
that bypass the proxy, whether using
SecureClient or not.
Ray
From: Michael Schwartzkopff To: Ray [EMAIL PROTECTED]
Subject: Re: [FW-1] Problems with SecureClient and Internet Explorer?
Date: Fri, 25 Jun 2004 14:18:30 +0200
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Am Freitag, 25. Juni 2004 14:04
In SmartviewMonitor, look near the upper right corner of the display.
There's a little numeric dsplay that gives you the total.
Ray
From: Shane Presley [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Monitoring
of the
planets go cold. We currently have everyone behind Hide NAT.
Ray
From: Chris Hoff [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Edge setup - getting close!
Date: Fri, 25 Jun 2004 08:59:37 -0500
I just got off
know of a fix? Outside of putting it in the registry manually, of course.
:-)
Thanks,
Ray
_
Watch the online reality show Mixed Messages with a friend and enter to win
a trip to NY
http://www.msnmessenger-download.click-url.com/go
sk18666 has a change you may need to make. I'm reluctant to post its details
because it's not in the public SecureKnowledge database. The article
references FP3. We upgraded from FP3 directly to R55 and still had to make
this change. After making it, it works as advertised.
Ray
From: Christian
Gees, that's an article with pretty ugly ramifications! severe problems
and unable to load rulebase??
Thanks for pointing it out, Chris. Hopefully Check Point will yank one or
the other article. I guess I better go undo that previous article.
Ray
From: Chris Hoff [EMAIL PROTECTED]
Reply
Are these in production yet? If not, ask your Check Point SE to see if they
can get you a copy of the latest beta firmware. Another resource is the
discussion forums at www.sofaware.com
Ray
From: Stala [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED
Do you have a static route in the firewall that says to send packets bound
for the internal network to the next hop inbound router?
Ray
From: NAVTEJ KOHLI [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Problem in Hide
-way. I've got the beta 4.5 software running on it.
Ray
From: Stala [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Edge setup - getting close!
Date: Wed, 30 Jun 2004 19:03:01 -0400
naw not even close to production yet
is UserAuthority. No Nokia packages yet.
Ray
_
MSN Movies - Trailers, showtimes, DVD's, and the latest news from Hollywood!
http://movies.msn.click-url.com/go/onm00200509ave/direct/01/
=
To set
I found an FAQ that says the SSL Extender will not work if you use SCV, and
we use it extensively. Maybe the next release of VPN-1 will allow more
granularity on whether SCV is enforced, such as allowing multiple remote
access communities and enforcing SCV by community instead of globally.
Ray
7 and I haven't had a power failure since we went to
3.7.1
Ray
From: Raymond Jacob [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] schedule powerdown of nokia firewall
Date: Thu, 1 Jul 2004 18:45:16 +
We have a power
on 80 443 as
well, and why 80 has such a huge amount of detail available before a login
occurs.
Thanks,
Ray
_
Is your PC infected? Get a FREE online computer virus scan from McAfee®
Security. http://clinic.mcafee.com/clinic/ibuy
. That will probably require an intermedate
install of FP3 since I think IPSO v3.7 requires FP3 HF2 as a minimum before
it can be installed.
Ray
From: [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] NG FP2 --- NG AI_R55
on 80 443 as
well, and why 80 has such a huge amount of detail available before a login
occurs.
Thanks,
Ray
_
Get tips for maintaining your PC, notebook accessories and reviews in
Technology 101. http://special.msn.com/tech
Yes, we set everyone to UDP encapsulation and IKE over TCP and have no NAT
issues.
Ray
From: Raymond Jacob [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Blocking of port 264 and 18264 on Checkpoint
Date: Thu, 1
You can use the SecureClient Packaging Tool to customize your installation
executable. One of the customizations is to disable the end user's ability
to disable the policy.
Ray
From: yang ya bin [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL
For those of you experiencing this during a SecureClient installation, Check
Point has posted resolution sk24348. It only happens if one of two
particular builds were previously installed.
Ray
_
Check out the latest news, polls
it.
Thanks,
Ray
Updates: Check Point releases updates for SPLAT quite frequently. My
gripes in this area are that they don't keep User Center up-to-date
(they're up to HFA 07 on NG AI R55 but still only show HFA 04 on User
Center; I go through my SE for all support issues). Their documentation
for non-major
Do you have it set to rematch connections after a policy install? I push
policy to R55 via SecureClient all the time and never get kicked off.
Ray
From: Sascha Picchiantano [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re
Don't sell your knowledge short, Neil. This may be a red herring.
Gateway Properties
Advanced
Connection Persistence
I don't know if it works with remote access connections as well, I just know
I have rematch selected and I never get booted out.
Ray
From: Neil Kemp [EMAIL PROTECTED]
Reply
I create an image of it using DriveImage Pro every couple of weeks or so for
disaster recovery.
Ray
From: Juan Andrés Galavís [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Backing Up FW-1 Management on w2k
Date: Wed
smsstart.bat from a command prompt.
I've got a case open on this with Nokia now but the ball is now in Check
Point's lap. I've not seen cpstart kill it, though, but I'm on HFA06, which
has some Edge fixes built in.
Ray
From: Kristen Thorsen NOMIME [EMAIL PROTECTED]
Reply-To: Mailing list
apparently possible that the the firewall
won't start.
Ray
From: Alan Baker [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] User Database Management
Date: Thu, 8 Jul 2004 12:29:12 +0100
We've just upgraded from 4.1 to NG AI (R55
Yeah, there's a Nokia KB article on it that says it's benign and ignore it.
It was supposed to be fixed in a later version of IPSO. I don't see it any
more on 3.7.1 build 10.
Ray
From: Tom Stala [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL
to announce that SmartCenter R55 HFA7 (Hot Fix Accumulator
7)has been released.
This release includes significant enhancements for managing VPN-1 Edge and
Nokia IP40 devices.
The new release is available from the Check Point download center
--
Ray
From: Stewart Williams
Does a simplw telnet owaserver 80 and telnet owaserver 443 produce a
connection?
Ray
From: theG man [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Outlook Web Access
Date: Fri, 9 Jul 2004 19:28:26 -0700
Hi everyone
If so, any difficulty reports would be appreciated, particularly on Windows
2000 managament stations and Nokia IPSO gateways.
Thanks,
Ray
_
MSN Toolbar provides one-click access to Hotmail from any Web page FREE
download! http
think you do. As I recall, at least when we licensed, 251 and above is
considered unlimited.
Ray
From: Subhasis Gupta [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Checkpoint Licensing
Date: Mon, 12 Jul 2004 00:13:42 -0700
multiple computers
trying to get the same Office Mode IP address.
Ray
From: Bakin David [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Hangups with Sysprep using SecureClient
Date: Mon, 12 Jul 2004 16:30:01 -0400
All,
Has anyone
I'll bet they fix this in the next release. SecuRemote used to work with
Office Mode and then that ability was taken away. Their KB articles say
SecureClient is required for Office Mode and that piece of software requires
a paid-for license.
Ray
From: Brian Granier [EMAIL PROTECTED]
Reply
as
well.
Ray
From: Alaric Turner [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Double NATing, Securemote
Date: Wed, 14 Jul 2004 01:45:45 +0100
Having spoken with my Checkpoint rep an additional licence is required
working. This tells me
that it definitely is a Check Point problem.
Thanks,
Ray
_
Get fast, reliable Internet access with MSN 9 Dial-up now 2 months FREE!
http://join.msn.click-url.com/go/onm00200361ave/direct/01
As I recall, the number of people in the User Group that are authorized to
logon to the policy server is how it enforces the license count.
Ray
From: Jochen Vogel [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1
this
issue.
Thanks again to all of you who helped me wrestle with this problem,
Ray
_
FREE pop-up blocking with the new MSN Toolbar get it now!
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01
reports. This product is a real value at $700 for unlimited servers.
Ray
From: Covington, Chris [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] vpn keepalive
Date: Fri, 23 Jul 2004 11:32:16 -0400
Hi all,
Does anyone know
, this is not the issue.
Is there any chance this user is behind a home router and the IP address
he/she receives from thier home router is on the same subnet as the internal
host? If so, you'll have to reconfigure thir home router to deliver an IP
address in a different subnet.
Ray
From: SIBEL MEREY [EMAIL
is running) and that the screen saver is set,
password-protected and not set longer than 15 minutes.
Ray
(SCVObject
:SCVNames (
: (user_policy_scv
:type (plugin)
:parameters
remember how we
worked around it on Windows 98. I think it was a similar approach using a
command line option of winipcfg
If that thing has a built-in NIC or PC NIC, try removing or disabling it.
Ray
From: SIBEL MEREY [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED
Glad you got it working!
Ray
From: SIBEL MEREY [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] VPN Secureremote routing problem
Date: Wed, 28 Jul 2004 11:00:04 +0300
** High Priority **
Ray, thank you very much
http://www.checkpoint.com/techsupport/hfa.html
HFA08 for NG R55
HFA412 for NG R54
An ASN.1 hotfix for NG FP3
Here's the Alert for the ASN.1 patch that's applicable to all versions if
aggressive mode is implemented:
http://www.checkpoint.com/techsupport/alerts/asn1.html
Ray
In rereading it, it appears it may be applicable even if aggressive mode
isn't enabled.
Ray
From: Ray [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] New HFA's posted + a new ASN.1 Alert
Date: Wed, 28 Jul 2004 16:59:54
I'm confused. The purpose of a VPN is to encrypt things. If you don't want
the traffic encrypted, why use a VPN?
If there are specific services you don't want to pass through the VPN, add
them to Excluded Services.
Ray
From: [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
feature and does not work with SecuRemote.
If you change the Office Mode IP Pool range, I believe you have to reboot
thegateway as well.
Ray
From: Fabian Tuender [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Office mode
Are you talking about seeing it disabled in Device Manager? If so, I don't
know what's up with that because we see it all the time with the R55 version
of SecureClient but it never affects the operation of SecureClient. I don't
know if it's a false indication or what.
Ray
From: Alaric Turner
, the Office Mode IP
address will get dropped as a spoof. Check Point claims this is a feature
and not a bug. :-)
Ray
From: Fabian Tuender [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Office mode
Date: Tue, 3 Aug 2004
tried it, I did it from the WAN side via the web GUI and it went fine
after I got the correct version.
You did extract it from the archive first, didn't you? Unlike CP hotfixes,
you have to extract these from the download package.
Ray
From: Russell Aspinwall [EMAIL PROTECTED]
Reply-To: Mailing list
Which version of SR are you using? You should be using R55 HFA03 or R56
HFA01, not the FP3 version. They're backward compatible with the FP3
gateway.
Ray
From: Alan Choyna [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1
not be
spoofed, so you would still lose your job but you would know the source IP,
which probably is some consumer broadband connection infected by a bot or
from a non-friendly country.
Ray
From: Carric Dooley [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL
Not yet. We have them to WatchGuard 7 Firebox IIIs and to a SofaWare box,
which I believe is based on the 4.1 architecture. Using R55, though.
Ray
From: [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] HFA 412 and VPN
This issue was reported on the SofaWare discussion groups a long time ago:
http://sofaware.infopop.cc/eve/ubb.x?a=tpcs=5006072361f=6406072361m=2521092001
They seem to be ignoring it although they did up the limit from 5 to 20 per
the messages there.
Ray
From: Petry Roman, ITS-IT [EMAIL PROTECTED
In Windows 2000 just uninstall SR, reboot and then uninstall the TCP/IP
protocol and reinstall it after another reboot. XP doesn't let you uninstall
the TCP/IP protocol, hence the reset is needed.
Ray
From: Alan Choyna [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL
Great! Thanks for the feedback.
Ray
From: Alan Choyna [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] BSOD whilst installing Securemote R56 on Win2k
Date: Thu, 5 Aug 2004 21:27:08 -0500
Thanks Ray, it's all cool now
this solution before with other people who have.
Sounds like Raptor limitation to me! :-)
Thanks for the information,
Ray
_
Express yourself instantly with MSN Messenger! Download today - it's FREE!
http://messenger.msn.click-url.com/go
The Management Server MUST always be upgraded first. The steps are
Management Server, push the policy, enforcement module, push the policy
again.
Ray
From: Alexander Simbun [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1
.
Ray
From: Shane Presley [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Approach to hot fixes?
Date: Tue, 10 Aug 2004 20:15:07 -0400
Agreed, I tend to take the ain't broken, don't fix it approach to a
lot of things
Internet line usage from 90%+ to about 60%. The cost of the ISA hardware
and software paid for itself in less than a year because we didn't have to
add a second T-1.
Ray
From: Hal Dorsman [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject
How would the second box be licensed? A better arrangement would be to split
the management part to its own server and then you could simply push it to
either gateway. Or set up the second gateway in a high-availability
fail-over configuration.
Ray
From: Moon, Curtis [EMAIL PROTECTED]
Reply
you to roll back to a version
and make yourself susceptible to the ASN.1 security problem.
If the end user's real IP changes over a short period of time, the problem
occurs, such as dialing in, disconnecting and then dialing back in.
Ray
From: Joe Pope [EMAIL PROTECTED]
Reply-To: Mailing list
through logs after irate employees have been
calling the Help Desk.
How hard would it have been to put a link to this interim hotfix on the
ASN.1 Alert page, or just a note saying if yo have experienced this problem,
open a support case?
Ray
From: [EMAIL PROTECTED]
Reply-To: Mailing list for discussion
about changing or distributed IPs.
The bandwidth reduction allowed us to defer a second T-1 for over two years,
so the whole deployment paid for itself inside of a year.
Ray
From: Crist Clark [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED
outbound in FW-1. Is my understanding
correct?
Ray
From: Bergin, Rob [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] NAT Traversal and IPSec Pass Through
Date: Wed, 18 Aug 2004 11:06:42 -0400
Hi All,
Nortel says one
whether SCV applies to a particular community, the
traditional policies can go.
Ray
From: David A Muscat [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Remote extranet access over SecuRemote/SecureClient
Date: Fri, 20
Does it mean you installed HFA08 for R55? If so, go download the latest
version of the release notes a I believe they address this.
Ray
From: Salomé Reíllo [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [FW-1] Syncronization
We took an FP3 HF2 gateway straight from IPSO 3.6 FCS 3 to IPSO 3.7.1 build
10 with absolutely no issues. The IPSO release notes say you have to be on
FP3 HF2 or later to use IPSO 3.7x.
It was an IP120, though, not an IP440, if that makes a difference.
Ray
From: Grabowski, David [EMAIL PROTECTED
I don't know if it's available in SecuRemote, but R55 has a feature named
ipassignment.conf which is a file where you can set a user ID and the IP
address they always will get. Kind of a DHCP reservation thing. I do know it
works in SecureClient and Office Mode.
Ray
From: Tom Brown [EMAIL
regardless of what port is used, a major difference from R55.
Ray
From: Mateo Cabrera [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] MESSENGER FILE TRANSFER BLOCK
Date: Fri, 27 Aug 2004 14:20:23 -0300
NO...NO...NO...you don
On the Check Point software subscription site. No release notes on the
changes that I could find.
Ray
_
Is your PC infected? Get a FREE online computer virus scan from McAfee®
Security. http://clinic.mcafee.com/clinic/ibuy
, we are using compression, but straight IPSec doesn't have the issue.
Ray
From: Jeanne MAILLARD [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: CheckPoint Visitor Mode
Date: Tue, 31 Aug 2004 15:27:45 +0200
Hello !
Maybe can you help me too...
It's about disconnections when using Visitor Mode. Have
.
Or maybe it's a Nokia under the covers?
Ray
_
Dont just search. Find. Check out the new MSN Search!
http://search.msn.click-url.com/go/onm00200636ave/direct/01/
=
To set vacation, Out
desktop
security rules look like?
Normally you cannot ping the gateway unless you add a rule to allow it. Is
this a simplified or traditional policy? Do you have a specific rule in the
rule base to allow the SecureClient traffic access into and out of the
internal network?
Ray
From: Bob [EMAIL
different from the
internal network?
Ray
From: Bob [EMAIL PROTECTED]
To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: Re: [FW-1] SecureClient and Internal Network Access
Date: Wed, 1 Sep 2004 16:33:37 -0700 (PDT)
Hi Ray,
Let me thank you
suggestions,
Ray
_
Express yourself instantly with MSN Messenger! Download today - it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
=
To set vacation, Out-Of-Office
internal networks. We are using hub mode for SecureClient.
Any pointers would be appreciated!
Thanks,
Ray
_
Express yourself instantly with MSN Messenger! Download today - it's FREE!
hthttp://messenger.msn.click-url.com/go/onm00200471ave
1 - 100 of 943 matches
Mail list logo