Re: [FW-1] Problem

2013-05-30 Thread pkc_mls
On 30/05/2013 17:25, Giacomo Fazio wrote: Hello, I did an upgrade from R75.45 to R76 Gaia without problems. But now when I install rules I have this fatal error: /opt/CPsuite-R76/fw1/conf/iasf.ph .line 404768: ERROR: stab identifier vpn_routing for host fw fw1ngx

Re: [FW-1] Problem with implied rule that deny http traffic

2010-07-01 Thread Antonio Barrantes
pkc_mls Sent: Monday, 28 June 2010 12:21 To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] Problem with implied rule that deny http traffic On 6/24/2010 11:03 AM, Antonio Barrantes wrote: Hi, Somebody has any idea to resolve it? create a new service on tcp port 80

Re: [FW-1] Problem with implied rule that deny http traffic

2010-06-29 Thread Dimitris Paronis
Hi, If you are using URL Filtering or AV do NOT use static NAT, use only hide behind Gateway for http traffic... It's not a bug... ;-) Dimitris -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:fw-1-mailingl...@amadeus.us.checkpoint.com] On Behalf Of

Re: [FW-1] Problem with implied rule that deny http traffic

2010-06-28 Thread pkc_mls
On 6/24/2010 11:03 AM, Antonio Barrantes wrote: Hi, Somebody has any idea to resolve it? create a new service on tcp port 80 and set the match for any on this one. use this service instead of the default http service in the rule that triggers the rule 0 drop, and check with fw ctl zdebug

Re: [FW-1] Problem with implied rule that deny http traffic

2010-06-24 Thread Antonio Barrantes
Hi, Somebody has any idea to resolve it? Thanks Antonio -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:fw-1-mailingl...@amadeus.us.checkpoint.com] On Behalf Of Antonio Barrantes Sent: Monday, 21 June 2010 16:33 To:

Re: [FW-1] Problem with IPSec over L2TP Tunnel

2010-03-11 Thread pkc_mls
Köhler wrote: Hi folks, I have running R62 on mgmt. and on the module. When I am trying to establish an IPSec over L2TP from a Microsoft XP-SP3 Client, the main-mode fails after the 4th packet. I need to use certificates on the client side and the client side is behind NAT.

Re: [FW-1] Problem logging with Dashboard using read only admin

2009-06-29 Thread Sergio Alvarez
Thanks for your answers but the tests of the new read-only admins were done from the machine of one of the regular read/write admins, so there is no way this is an issue with the GUI Clients list. In any case, if I'm not mistaken, the error you get when attempting to get connected from a machine

Re: [FW-1] Problem logging with Dashboard using read only admin

2009-06-29 Thread Alexey Baltacov
@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] Problem logging with Dashboard using read only admin Thanks for your answers but the tests of the new read-only admins were done from the machine of one of the regular read/write admins, so there is no way this is an issue with the GUI Clients list. In any case

Re: [FW-1] Problem logging with Dashboard using read only admin

2009-06-26 Thread Tom Louis
Isn't there a way to tell the management who is allowed to contact it and if you are not in that list you will not be able to connect. Some places use all so they do not have that issue, but that is un-secure. - Original Message From: Sergio Alvarez seral...@gmail.com To:

Re: [FW-1] Problem logging with Dashboard using read only admin

2009-06-26 Thread Independent IT Consultant
be sure the machines these 2 additional admins are attempting to access SDB from are defined as GUI clients. Alternatively, consider implementing Smart Portal(so long as you're licensed for it). SmartPortal provides web-based read access into the Smart Center. On Fri, Jun 26, 2009 at 8:26 PM,

Re: [FW-1] Problem with VPN clients

2008-06-22 Thread Jubei Trippataka
If this is a HA gateway you might want to check the state sync. Procedure: 1) Run CPCONFIG on each cluster member and select Enable Check Point ClusterXL and State Synchronization. 2) Stop/start the firewall services by typing the following in succession at prompt: cpstop cpstart 3) Log in to

Re: [FW-1] Problem with adding a new node to Cluster XL

2008-06-21 Thread Hugo van der Kooij
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark Senior wrote: | Hello Edouard | | Did you gain any insight into the problem described below? | | I had more or less the same problem when rebuilding one node of a SPlat | cluster after a failed upgrade. As soon as SIC was complete between | the

Re: [FW-1] Problem with adding a new node to Cluster XL

2008-06-17 Thread Mark Senior
Hello Edouard Did you gain any insight into the problem described below? I had more or less the same problem when rebuilding one node of a SPlat cluster after a failed upgrade. As soon as SIC was complete between the rebuilt node and the manager, neither node saw the other, and both tried to

Re: [FW-1] Problem with SMTP Security Server

2008-03-03 Thread Thorsten Wasmann
Hello Joshua, Hello List! Did you try a smtp-resource? You will get many options to strip/modify the mail-header. But: If your Firewall is under heavy load you should consider that you will need additional resources such as HHD-Space, a faster CPU and RAM. It will also produce a little delay in

Re: [FW-1] Problem with R61 HFA_02

2007-09-18 Thread pkc_mls
Markus Schmidt wrote: Hi, I've installed the R61 HFA_02 on my Smart Center and on the standby Cluster node. However, I'm not able to connect anymore to that Clusternode via ssh from my SmartCenter. The Policy allows that connection, and I can see it as allowed in the SmartTracker, also. In

Re: [FW-1] Problem with R61 HFA_02

2007-09-18 Thread Markus Schmidt
Hi there is no incoming ssh connection, as long as I leave the policy installed. If I disable the policy, everything runs fine. But the strange thing: the policy allows ssh, and, as said, the connection appears also as accepted in the Tracker. The ssh is also only an example, the same behaviour

Re: [FW-1] Problem with R61 HFA_02

2007-09-18 Thread pkc_mls
Markus Schmidt wrote: Hi there is no incoming ssh connection, as long as I leave the policy installed. If I disable the policy, everything runs fine. even if there is no connection, you should see at least a syn request, unless someone else on the LAN has the same MAC address. But the

Re: [FW-1] Problem with R61 HFA_02

2007-09-18 Thread Sergio Alvarez
I don't remember that particular behavior, but I have seen strange things similar to that when having a half updated cluster (one updated and one not). I could not tell you what exactly causes these situations, but usually finishing the upgrade process gets everything back to normal. So my

Re: [FW-1] Problem with R61 HFA_02

2007-09-18 Thread David DeSimone
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Markus Schmidt [EMAIL PROTECTED] wrote: there is no incoming ssh connection, as long as I leave the policy installed. If I disable the policy, everything runs fine. But the strange thing: the policy allows ssh, and, as said, the connection

Re: [FW-1] Problem renewing SecuRemote certificate

2007-09-07 Thread John Lindblom

Re: [FW-1] Problem renewing SecuRemote certificate

2007-09-06 Thread John Lindblom

Re: [FW-1] Problem renewing SecuRemote certificate

2007-09-06 Thread John Lindblom

Re: [FW-1] Problem renewing SecuRemote certificate

2007-09-06 Thread Ray
by partial DN, like a last name that's part of a certificate name. Ray From: John Lindblom [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] Problem

Re: [FW-1] Problem renewing SecuRemote certificate

2007-09-05 Thread John Lindblom

Re: [FW-1] Problem renewing SecuRemote certificate

2007-09-05 Thread Ray
From: John Lindblom [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] Problem renewing SecuRemote certificate Date: Wed, 5 Sep 2007 09:36:01 -0500 I'm

Re: [FW-1] Problem renewing SecuRemote certificate

2007-09-04 Thread John Lindblom

Re: [FW-1] Problem renewing SecuRemote certificate

2007-09-04 Thread Ray
Great! Thanks for the follow-up note, Ray From: Richard Newton [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] Problem renewing SecuRemote

Re: [FW-1] Problem renewing SecuRemote certificate

2007-09-04 Thread Ray
expire. Ray From: John Lindblom [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] Problem renewing SecuRemote certificate Date: Tue, 4 Sep 2007 08:43

Re: [FW-1] Problem renewing SecuRemote certificate

2007-09-03 Thread Ray
Which certificate is expired? The one that the SecuRemote uses to authenticate themselves to the firewall or the actual VPN certificate on the firewall? If it is an end user certificate, it cannot be renewed once it's expired. If it's the one for the firewall, try un-checking VPN on the

Re: [FW-1] Problem renewing SecuRemote certificate

2007-09-03 Thread Richard Newton
Ray -- Thanks so much. It looks like this did the trick. (It was the VPN cert on the firewall that was expired.) ~~Richard~~ On 9/3/07, Ray [EMAIL PROTECTED] wrote: Which certificate is expired? The one that the SecuRemote uses to authenticate themselves to the firewall or the actual VPN

Re: [FW-1] Problem with logs

2007-07-21 Thread Sergio Alvarez
Hello guys, Yesterday I gave my customer a visit to work on this issue and after hours of troubleshooting, I finally got it resolved although I'm not quite sure why my solution worked, so I'm wondering if someone can help me a bit with that and in that way I might be able to polish things a

Re: [FW-1] Problem with logs

2007-07-21 Thread David DeSimone
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sergio Alvarez [EMAIL PROTECTED] wrote: An obvious solution would be to change the masters file to point to the IP of the SMC instead of its hostname, but I had tried that in the past working on a different deployment and had found out the system

Re: [FW-1] Problem with logs

2007-07-21 Thread Sergio Alvarez
Thanks David, Actually I went through those steps, although I added the hostname manually to the /etc/hosts file and it got removed when the system rebooted, so I checked and found the option to do it via Voyager. The commands to provided to add those hosts via CLI will be useful for my commands

Re: [FW-1] Problem with logs

2007-07-21 Thread Rajeev Gupta
Sergio, Based off your description, it appears the problems are coming off how SMC is 'hide-natt'd. Tweaking 'hosts' file anyways is not going to help nor would it help tweaking the 'masters' file. The $FWDIR/conf/masters file is auto-generated once SIC is established and policy pushed depending

Re: [FW-1] Problem with logs

2007-07-21 Thread Rajeev Gupta
I forgot to mention one last critical element and that is once you have edited the $FWDIR/conf/masters file to reflect the SMC IP under Logging, fw module would require 'cpstop/cpstart'. -r On 7/21/07, Rajeev Gupta [EMAIL PROTECTED] wrote: Sergio, Based off your description, it appears the

Re: [FW-1] Problem with logs

2007-07-21 Thread Sergio Alvarez
Thanks a lot Rajeev, I will see if we can try that soon, although it could take some time depending on how busy my customers are and how possible to cpstop that machine. Anyway your idea makes a lot of sense. I appreciate your reply. On 7/21/07, Rajeev Gupta [EMAIL PROTECTED] wrote: I forgot

Re: [FW-1] Problem with logs

2007-07-19 Thread Reinhard Stich
hi, I guess your mgmt is static NATed and your remote module has no access to the internal IP of the smc. but it tries to send the logs to the internal IP instead of the NATed IP of the smartcenter. please try to create a secondary-mgmt-object with the NATed IP of the smartcenter server and

Re: [FW-1] Problem with logs

2007-07-19 Thread cisco4ng
Hi Reinhard, I thought checkpoint NG with AI R54 and higher supposed to fix this. Under the NAT tab, there is a check box that is supposed to take care of this. The solution you suggested is for NG Feature Pack 3 or lower. Reinhard Stich [EMAIL PROTECTED] wrote: hi, I guess your

Re: [FW-1] Problem with logs

2007-07-19 Thread Rajeev Gupta
I would start like this: Do a 'netstat -an | grep 257', for example, to see your module/s connection status - is it established to the SMC IP or what??? Second debug 'fwd' on both the SMC and FW module 'fw debug fwd on' - leave it on for a minute or two to capture data and look through

Re: [FW-1] Problem with logs

2007-07-19 Thread Sergio Alvarez
Thanks a lot for all your input guys. I still haven't had the chance to get my hands on those boxes, that was supposed to happen today, but my customer called to cancel and it will be tomorrow afternoon. My customer deployed the remote Nokia on his own and basically all the boxes involved

Re: [FW-1] Problem with logs

2007-07-18 Thread Gary Scott
If you are sure the 257 is reaching the manager, you could first try a cprestart on the manager, if this is no good try doing a cpstop and moving or deleting the entire contents of the log directory, then a cpstart. A separate log server will behave much in the same way until you do an install

Re: [FW-1] Problem with logs

2007-07-18 Thread Gary Scott
[mailto:[EMAIL PROTECTED] On Behalf Of Sergio Alvarez Sent: Wednesday, July 18, 2007 10:03 PM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] Problem with logs Thanks for replying Scott, I'll try the cprestart and the cleaning the logs folder, but I'm not quite sure what did you

Re: [FW-1] Problem with logs

2007-07-18 Thread Sergio Alvarez
Thanks for replying Scott, I'll try the cprestart and the cleaning the logs folder, but I'm not quite sure what did you mean with the following lines: A separate log server will behave much in the same way until you do an install database to it, it will ignore the 257 that it gets We do not

Re: [FW-1] Problem to establish VPN connection (NAT pb...?)

2007-06-06 Thread Shiroma Dassanayake
Hi What is the IP that the secureclient enters when creating the site (when connecting from the internet)? Is it the statically NAT'd IP of the cluster or is it the statically NAT'd IP of the firewall interface that connects to your ISP??? Regards Shiroma Joel Guillerm [EMAIL

Re: [FW-1] Problem to establish VPN connection (NAT pb...?)

2007-06-06 Thread Joel Guillerm
] Sent by: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM 06/06/2007 12:20 Please respond to Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM cc Subject Re: [FW-1] Problem

Re: [FW-1] Problem to establish VPN connection (NAT pb...?)

2007-06-06 Thread Shiroma Dassanayake
@AMADEUS.US.CHECKPOINT.COM cc Subject Re: [FW-1] Problem to establish VPN connection (NAT pb...?) Hi What is the IP that the secureclient enters when creating the site (when connecting from the internet)? Is it the statically NAT'd IP of the cluster or is it the statically NAT'd IP of the firewall interface

Re: [FW-1] Problem to establish VPN connections from SecureClient

2007-05-28 Thread Reinhard Stich
hi, are you able to create a new site with using this R62's IP? please check your cluster's object if the main-IP is the external (official) IP of this cluster. if that still does not help check on the client where it tries to connect using any sniffer-tool (for example ethereal or as it's now

Re: [FW-1] Problem to establish VPN connections from SecureClient

2007-05-28 Thread Mark Elsen
Hello, our environment is as follows : Cluster of 2 Nokia IPSO 4.2, CheckPoint NGX R62 , SecureClient NG AI R56 We tried to establish a VPN connection from a Win XP SecureClient PC client without success ; no way to get any logs about these VPN tests under SmartTracker or in Secure client

Re: [FW-1] Problem pushing policy to gateway

2007-05-11 Thread Ramón Echávarri
Hi, I had a similar case because of having used strange characters in the policy (I used '¿' in a rule name or object name). I would list modified objects in audit logs and review them. Best regards. - Original Message - From: Mick Reay [EMAIL PROTECTED] To:

Re: [FW-1] Problem pushing policy to gateway

2007-05-11 Thread Frank Sackewitz
Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM wrote on 11.05.2007 09:16:05: I have had this before as well (on FP3, NG, NG w. AI)... Simply disable as much as possible the SmartDefense protections, especially the worm catcher P2P protections. Don't

Re: [FW-1] Problem pushing policy to gateway

2007-05-11 Thread sin
Frank Sackewitz wrote: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM wrote on 11.05.2007 09:16:05: I have had this before as well (on FP3, NG, NG w. AI)... Simply disable as much as possible the SmartDefense protections, especially the worm catcher

Re: [FW-1] Problem pushing policy to gateway

2007-05-11 Thread sin
Frank Sackewitz wrote: Only I found is #sk23532: Solution: SmartDefense manual updates are currently not supported. :-( A year ago or two one of our CP security engineers told me that you could do it and he even showed me a document on how to do it (something involving an internal apache

Re: [FW-1] Problem pushing policy to gateway

2007-05-11 Thread David CALLEBAUT [AEMS Be]
41 -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Frank Sackewitz Sent: Friday, 11 May 2007 10:03 To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] Problem pushing policy to gateway Mailing list for discussion

Re: [FW-1] Problem pushing policy to gateway

2007-05-11 Thread Frank Sackewitz
Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM wrote on 11.05.2007 10:48:03: Frank Sackewitz wrote: Mailing list for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM wrote on 11.05.2007 09:16:05: I have had this before as well

Re: [FW-1] Problem pushing policy to gateway

2007-05-10 Thread Claudia Cordova
The gateways need module's license. Claudia Cordova Technical Support -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Mick Reay Sent: Thursday, 10 May 2007 10:11 a.m. To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject:

Re: [FW-1] Problem pushing policy to gateway

2007-05-10 Thread Mick Reay
The gateways all have licences. = To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe

Re: [FW-1] Problem pushing policy to gateway

2007-05-10 Thread Gary Scott
: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Mick Reay Sent: Thursday, May 10, 2007 12:46 PM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] Problem pushing policy to gateway The gateways all have licences

Re: [FW-1] Problem pushing policy to gateway

2007-05-10 Thread Mick Reay
Thanks for the suggestion. Have already checked the CP web site, and also checked the IP addresses are correct.

Re: [FW-1] Problem pushing policy to gateway

2007-05-10 Thread Blair, Matthew
-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] Problem pushing policy to gateway Thanks for the suggestion. Have already checked the CP web site, and also checked the IP addresses are correct.

Re: [FW-1] Problem with VPN

2007-04-04 Thread Julio Bretín Díaz
:31 To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] Problem with VPN just a little addition, I've found this link quite useful for understanding about CP VPN error message : http://www.boerderie.com/VPNdebugging.html#CPNG rgds, Ali HS On 4/4/07, David DeSimone [EMAIL PROTECTED

Re: [FW-1] Problem with VPN

2007-04-04 Thread Sathya Prakash
:22 PM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] Problem with VPN Thanks to all of you, but I haven't found how to solve this yet. The problem is that all VPN connections worked before the Nokia appliance was restarted. Now all VPN connections have the same error that I

Re: [FW-1] Problem with VPN

2007-04-04 Thread pkc_mls
Julio Bretín Díaz wrote: Thanks to all of you, but I haven't found how to solve this yet. The problem is that all VPN connections worked before the Nokia appliance was restarted. Now all VPN connections have the same error that I described in my last mail. what can I do or what can I

Re: [FW-1] Problem with VPN

2007-04-03 Thread Amadou Toure
Hello, Find below the explanations in the sk19423. Regards Symptoms * Error: Packet is dropped because there is no valid SA - please refer to solution sk19423 in SecureKnowledge Database for more information. Cause The Error message indicates a failure in the IPSec Security Association

Re: [FW-1] Problem with VPN

2007-04-03 Thread Valencia Taylor
Hi, I found the attached solution on Check Point's web site. I saved it as a text file. Hope you can read it, if not let me know. Valencia Taylor Check Point Firewall Administrator [EMAIL PROTECTED] Room 6528 South Agriculture Building 202-720-4402 Julio Bretín Díaz [EMAIL PROTECTED] Sent

Re: [FW-1] Problem with VPN

2007-04-03 Thread David DeSimone
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Julio Bretín Díaz [EMAIL PROTECTED] wrote: Encryption fail reason: Packet is dropped because there is no valid SA - please refer to solution sk19423 in SecureKnowledge. This message is just a side effect of a VPN tunnel failing to be negotiated.

Re: [FW-1] Problem with VPN

2007-04-03 Thread Ali Husen Sumantoro
just a little addition, i've found this link quite useful for understanding about CP VPN error message : http://www.boerderie.com/VPNdebugging.html#CPNG rgds, Ali HS On 4/4/07, David DeSimone [EMAIL PROTECTED] wrote:

Re: [FW-1] Problem with HideNAT connections

2007-03-01 Thread Rajeev Gupta
I guess there are issues if you are using multicast mode with some routers not accepting cluster members' ARP replies associating multicast mac address with cluster IP's. I also believe CP used to have a solution asking to put a manual static ARP entry for the cluster IP on the router. Try this

Re: [FW-1] Problem in assigning Global Policy for CMAs in Provider-1 NGX R61 setup

2006-12-18 Thread cisco4ng
I am having a similar issue with migrating the global policies from NG Feature Pack 3 Provider-1 to NGx R60 with HFA_04 Provider-1. The migrate_global_policies works but when I tried to assign it to a CMA, it failed. I opened a TAC case with CP and they told me, guess it, upgrade

Re: [FW-1] Problem in assigning Global Policy for CMAs in Provider-1 NGX R61 setup

2006-12-18 Thread Hugo van der Kooij
On Mon, 18 Dec 2006, cisco4ng wrote: I am having a similar issue with migrating the global policies from NG Feature Pack 3 Provider-1 to NGx R60 with HFA_04 Provider-1. The migrate_global_policies works but when I tried to assign it to a CMA, it failed. I opened a TAC case with CP and

Re: [FW-1] Problem in assigning Global Policy for CMAs in Provider-1 NGX R61 setup

2006-12-18 Thread cisco4ng
Hugo, That's not the way how the world works. If CP support NGx R60 then they should release a Fix for NGx R60 and NOT tell customer to upgrade to NGx R61. That's just poor support, IMHO. We have cisco equipments and if there are issues, cisco TAC will write a patch for us in fixing

Re: [FW-1] Problem in assigning Global Policy for CMAs in Provider-1 NGX R61 setup

2006-12-18 Thread Hugo van der Kooij
On Mon, 18 Dec 2006, cisco4ng wrote: That's not the way how the world works. If CP support NGx R60 then they should release a Fix for NGx R60 and NOT tell customer to upgrade to NGx R61. That's just poor support, IMHO. We have cisco equipments and if there are issues, cisco TAC will

Re: [FW-1] Problem in assigning Global Policy for CMAs in Provider-1 NGX R61 setup

2006-12-18 Thread sin
cisco4ng wrote: Hugo, That's not the way how the world works. If CP support NGx R60 then they should release a Fix for NGx R60 and NOT tell customer to upgrade to NGx R61. That's just poor support, IMHO. We have cisco equipments and if there are issues, cisco TAC will write a

Re: [FW-1] Problem with self created Services

2006-12-06 Thread Thorsten Behrens
EdonkeyTCP, in the Advanced Options: Port:1025-65535, Protokoll Type:EDONKEY, the 'Match Any' box is unchecked. The Problem is, that this rule matches for every connection with port above 1025, it seems that Checkpoint does not care for the Protokoll Type. Is this true? What's my mistake? The

Re: [FW-1] Problem with self created Services

2006-12-06 Thread Markus Schmidt
Thx a lot for this very useful information, now some things have become a little clearer to me. regards -- http://schmidt.bs-server.com Thorsten Behrens wrote: EdonkeyTCP, in the Advanced Options: Port:1025-65535, Protokoll Type:EDONKEY, the 'Match Any' box is unchecked. The Problem

Re: [FW-1] Problem with Content Inspection

2006-11-28 Thread Markus Schmidt
Well, I tried with the Hotfixes installed today, but same errors occurred :( Any other Ideas? __ http://schmidt.bs-server.com Michael Schwartzkopff wrote: On Monday, 27 November 2006 15:59, Markus Schmidt wrote: Oh, Sorry. It's an NGX R61, without HFA. This was a plain new install, where

Re: [FW-1] Problem with Content Inspection

2006-11-28 Thread Michael Schwartzkopff
On Tuesday, 28 November 2006 16:07, Markus Schmidt wrote: Well, I tried with the Hotfixes installed today, but same errors occurred What errors? What do the logfiles say? Michael Schwartzkopff

Re: [FW-1] Problem with Content Inspection

2006-11-28 Thread Markus Schmidt
According to the logs, everything is fine :( But I get a Connection refused when accessing my mailserver via telnet, as long as Content Inspection for smtp is activated. (When it's not, I can access via telnet, and that access is logged). Michael Schwartzkopff wrote: On Tuesday, 28.

Re: [FW-1] Problem with Content Inspection

2006-11-27 Thread Alvaro Gastambide
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, what is your Firewall version? did you upgrade this firewall from an early version? Regards, Alvaro Gastambide Lusiardo Check Point Certified Security Administrator - MCSA Dpto. de Ingeniería Security Advisor www.sadvisor.com Markus

Re: [FW-1] Problem with Content Inspection

2006-11-27 Thread Markus Schmidt
Oh, Sorry. It's an NGX R61, without HFA. This was a plain new install, where I had restored my system via a backup, and the firewall stuff via upgrade-export/upgrade-import. Alvaro Gastambide wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, what is your Firewall version? did

Re: [FW-1] Problem with Content Inspection

2006-11-27 Thread Michael Schwartzkopff
On Monday, 27 November 2006 15:59, Markus Schmidt wrote: Oh, Sorry. It's an NGX R61, without HFA. This was a plain new install, where I had restored my system via a backup, and the firewall stuff via upgrade-export/upgrade-import. Install hotfixes. Michael Schwartzkopff

Re: [FW-1] Problem with Content Inspection

2006-11-27 Thread Alvaro Gastambide
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Content inspection in R61 has its problem with upgrades, it works fine in fresh installations. I didn't try hotfix, may be the solution. Regards, Alvaro Gastambide Lusiardo Check Point Certified Security Administrator - MCSA Dpto. de Ingeniería

Re: [FW-1] Problem with Content Inspection

2006-11-27 Thread Markus Schmidt
Well then, I'll try the hotfix, let's see if it works... http://schmidt.bs-server.com Alvaro Gastambide wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Content inspection in R61 has its problem with upgrades, it works fine in fresh installations. I didn't try hotfix, may be the

Re: [FW-1] Problem with ClusterXL (R61) and VPN

2006-11-17 Thread Markus Schmidt
[Astor]# cphaprob state Cluster Mode: New High Availability (Active Up) Number Unique Address Assigned Load State 1 (local) 192.168.147.254 100%active 2 192.168.147.253 0% standby Should the Sync traffic be shown in the SmartView Monitor? Because,

Re: [FW-1] Problem with ClusterXL (R61) and VPN

2006-11-17 Thread Gary Scott
Schmidt Sent: Friday, November 17, 2006 4:49 AM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] Problem with ClusterXL (R61) and VPN [Astor]# cphaprob state Cluster Mode: New High Availability (Active Up) Number Unique Address Assigned Load State 1 (local

Re: [FW-1] Problem with ClusterXL (R61) and VPN

2006-11-16 Thread Sawyer, Chris
Is your cluster in sync? Display the output of: cphaprob state -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Markus Schmidt Sent: Thursday, November 16, 2006 10:27 AM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject:

Re: [FW-1] Problem to acces to the owa using User Author

2006-07-18 Thread Martine Pablo
for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Roger P Herr Sent: Monday, 17 July 2006 03:06 p.m. To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] Problem to acces to the owa using User Author Edit the User Authority and accept any HTTP server OR go

Re: [FW-1] Problem to acces to the owa using User Author

2006-07-17 Thread Matthias Leu
Martine Pablo wrote: Hi, I ' ve problem with user author. When I make a rule to the owa without restrictions, the rule similar as source(any) Destination(OWA) HTTP Acept, the firewall works well, but when I modify the rule and I use the user author, appear a login windows where I

Re: [FW-1] Problem to acces to the owa using User Author

2006-07-17 Thread Martine Pablo
: Re: [FW-1] Problem to acces to the owa using User Author Martine Pablo wrote: Hi, I ' ve problem with user author. When I make a rule to the owa without restrictions, the rule similar as source(any) Destination(OWA) HTTP Acept, the firewall works well, but when I modify the rule and I

Re: [FW-1] Problem to acces to the owa using User Author

2006-07-17 Thread Roger P Herr
: [FW-1] Problem to acces to the owa using User Author Martine Pablo wrote: Hi, I ' ve problem with user author. When I make a rule to the owa without restrictions, the rule similar as source(any) Destination(OWA) HTTP Acept, the firewall works well, but when I modify the rule and I use

Re: [FW-1] Problem with FTP List Command through Firewall

2006-06-15 Thread FWAdmin
)) --- Maybe it helps. Regards Torsten Goedicke -Original Message- From: Erin Young Sent: Wednesday, June 14, 2006 1:33 AM Subject: Re: [FW-1] Problem with FTP List Command through Firewall The list command gets to the ftp server, proftpd, but they insist

Re: [FW-1] Problem with FTP List Command through Firewall

2006-06-15 Thread Jean-Paul Baillon
Use a lower security enforcement designed for optimal connectivity, which does not demand newline characters. (This enforcement also does not check port commands for bounce attacks and dynamic ports.) Define and use a new service, for example ftp-new, using the protocol type FTP_BASIC in the

Re: [FW-1] Problem with FTP List Command through Firewall

2006-06-13 Thread Erin Young
for discussion of Firewall-1 FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] Problem with FTP List Command through Firewall Date: Mon, 12 Jun 2006 14:38:17 -0400 Ask the admin of the ftp server to dump a session. If they see

Re: [FW-1] Problem with FTP List Command through Firewall

2006-06-12 Thread Christian Chiaverini
Ask the admin of the ftp server to dump a session. If they see the LIST command get to the server then it will be an application issue. Christian Chiaverini -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Erin Young Sent:

Re: [FW-1] Problem with Nokia HA Cluster and Microsoft Cluster

2006-06-07 Thread Johan Ivarsson
Hi, Check that Accept multicast ARP replies is set to on in the IPSO config (under Cluster ARP, Global ARP settings). Microsoft NLB is using Multicast MAC addresses for the shared IP address. Johan Ivarsson Certezza AB -- Date: Mon, 5

Re: [FW-1] Problem with Nokia HA Cluster and Microsoft Cluster

2006-06-05 Thread Lino Eduardo Avila Rodríguez
As you mentioned the issue is with your windows cluster MAC address, does your cluster work fine without the firewall? Like from the internal network? Maybe your multicast address is not working like it's supposed to. You should see the multicast address instead of the host's MAC address.

Re: [FW-1] Problem SecureClient access to SDS Server

2006-02-17 Thread Ray
Hi Fabrice, The solution is to forget about SDS. It's no longer a part of the system starting with NGX, probably because Check Point now supplies .MSI files. You're trying to make something work that you cannot use in the future. Ray From: Fabrice BARUTEL [EMAIL PROTECTED] Reply-To:

Re: [FW-1] Problem with NGX command: upgrade_export

2006-02-16 Thread Kim Longenbaugh
There's a file at checkpoint called upgrade_checker_B54119_1_linux.tgz It has these files in it: 12/01/2003 11:42 AM59 build_number.conf 12/01/2003 11:42 AM 117,740 gtar 12/01/2003 11:42 AM18,335 gtar-Copying.txt 12/01/2003 11:42 AM48,448

Re: [FW-1] Problem with NGX command: upgrade_export

2006-02-16 Thread Tony Montesano
I had a similar issue. I had to run the commands(upgrade_checker upgrade_export) from the cdrom to get them to work. Tony. Oliver

Re: [FW-1] Problem with packages

2006-01-09 Thread cisco4ng
Hi, I have not used SmartUpdate for a while because of so many problems that come with it. But I suspect the package that you downloaded is not the one that is used for SmartUpdate. To be sure, download the package again and run: tar -xzpf .tgz if you see a SU

Re: [FW-1] Problem with packages

2006-01-09 Thread Lindsay Hill
If you've downloaded an HFA, you'll need to unpack the *HFA*.tgz file, and then separately import the cpshared* and fw1* packages contained within. You can't just import the HFA as one chunk, it needs to be separate. I understand what cisco4ng means about issues with SmartUpdate. I used
