Thread: FW-1-MAILINGLIST Digest - 1 Jun 2006 to 2 Jun 2006 (#2006-148)
user name
2006-06-28 10:42:10
Hi List

Eventia Reporter:
I could see VPN-1 EDGE log on smartview tracker
But when I run report only select 'edge',
I couldn't see any result on report.
Edge: (firmware and libsw)6.0.63
Eventia Reporter : 
OS : splat NGX_R60_03


On Sat, 3 Jun 2006 00:00:01 -0700, FW-1-MAILINGLIST automatic digest system wrote
> There are 8 messages totalling 1030 lines in this issue.
>
> Topics of the day:
>
>   1. Fwd: Re: [FW-1] secure remote users cannot access target servers in VPN
>      domain (2)
>   2. Do you have "/opt/CPEdgecmp" on NGX R60 HFA03? (was RE: [FW-1] SV: [FW-1]
>      NGX R60 HFA03 SPLAT libsw directories)
>   3. Fwd: Re: [FW-1] secure remote users cannot access targ et servers in VPN
>      domain (3)
>   4. HELP PLEASE !!!!!  Running Nokia IPSO 3.9 and Checkpoi nt NGAI R55
>   5. merging multiple logs into one using software or tool
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERVamadeus.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-ownerts.checkpoint.com
> =================================================
> 
> ----------------------------------------------------------------------
> 
> Date:    Fri, 2 Jun 2006 00:29:45 -0700
> From:    Shiroma Dassanayake <nilshiro2000YAHOO.COM>
> Subject: Fwd: Re: [FW-1] secure remote users cannot access target servers in
> VPN domain
> 
> Note: forwarded message attached.
> 
>   Dear all
>
>   Thanks to all of you that replied. The Secure remote clients are not
> connecting through ADSL, so PPPoE is not used. A few additional tests were
> conducted, that is why there's been a delay in the reply.
>
>   The secureremote client is installed on a machine that is part of the
> internal LAN of a supplier. The secure remote client is assigned a
> "statically NAT'd public IP" when it leaves the company gateway to access
> the internet.
>
>   Conditions under which this secure remote client can access the target
> servers in our VPN domain:
>
>   secure remote client machine connects to the ISP router directly
> (bypassing the company firewall)
>
>   secure remote client machine connects to the internet through a dial up
> connection to an ISP.
>
>   As soon as the secure remote client machine is placed in the company LAN
> and is statically NAT'd to a public IP, it cannot access the target servers
> contained in the VPN domain behind our gateway. The client machine is able
> to download the site details but is not able to access the target servers.
>
>   Is there a restriction in secureremote that prevents a secureremote client
> from accessing servers contained within a VPN if the connection originates
> from a public IP that has been statically NAT'd?
>
>   Thanks and regards
>   Shiroma
> 
> ------------------------------
> 
> Date:    Fri, 2 Jun 2006 09:34:33 -0300
> From:    Paulo Zenari <p_zenariYAHOO.COM.BR>
> Subject: Re: Fwd: Re: [FW-1] secure remote users cannot access target servers
> in VPN domain
>
> Hi Shiroma,
>
> There was a thread about this on this mailing list a few days ago.
> Check a possible solution below.
>
> Regards,
>
> Paulo Zenari
> p_zenariyahoo.com.br
>
> > Hi Antonio,
> >
> > A possible answer to the third question:
> >
> > To achieve full SC connectivity, even behind the most esoteric NATing
> > devices, you may want to enable the following:
> >
> > - On the gateway object, *'Remote Access'* tab: check the *'Support
> > NAT traversal mechanism'* box;
> > - On the gateway object, *'Remote Access->Office Mode'* tab: *Enable
> > Office Mode* and configure its options;
> > - On the Global Properties, *'Remote Access->VPN - Basic'* tab: Check
> > the *'Gateways support IKE over TCP'* box.
> >
> > The last item is particularly useful when establishing the VPN from
> > behind a Checkpoint FW1 or DSL router. IKE UDP packets are big, and
> > some routers appear to have problems in reassembling those packets.
> > Supporting IKE over TCP
> >
> > Some points to consider:
> >
> > - To support Office Mode, the VPN client must be installed as Secure
> > Client, even if you don't have a Policy Server;
> > - Secure Client must be configured to support all the three options
> > listed. It's wise to create a preconfigured package;
> > - The proposed setup allows VPN establishment even from rfc1918
> > networks with conflicting addresses. Example: VPN from a
> > 192.168.5.0/26 network, while your encryption domain contains a
> > sub/superset of this network, such as 192.168.0.0/16. The drawback is:
> > you won't be able to communicate with local conflicting addresses
> > while the VPN is established.
> > - Enabling those options on the gateway only adds functionality. Your
> > old VPN clients will still work.
> > - Your internal network must know that the IP range chosen as the
> > Office Mode pool must be routed back to your Checkpoint;
> > - The IP range chosen as the Office Mode pool *MUST NOT* appear in the
> > encryption domain. If your encryption domain is such a thing like
> > 10.0.0.0/8 and you want to use 10.40.1.0/24 as an Office Mode pool,
> > create a 'group with exclusion'.
> >
> > I hope this information is useful!
> >
> > Regards,
> >
> > --
> > Paulo Zenari
> > p_zenariyahoo.com.br
> >
> >
> > Antonio Costa wrote:
> >  Hi all,
> >
> >   Three questions about SecuRemote/Secure Client :
> >
> >    - any have found or implemented a SC/SR tester application ?
> >
> >    - sometime ago we had tested with GSM/GPRS companies in Brazil, USA
> >      and Europe and with none of them we could establish a SC connection.
> >      We also found a RFC about problems using IPSec clients in GSM/GPRS
> >      networks.
> >
> >      Does anyone have done any test  or have success story about it ?
> >
> >    - how can i tell SC to establish an encrypted connection to our gateway
> >      even if the local IP address belongs to an internal lan behind my
> >      firewall ?
> >
> > --
> > Antonio Costa
> > CCNA/CCSE/MCSE/LinuxAdmin
> > Sao Paulo / Brasil
> 
> ------------------------------
> 
> Date:    Fri, 2 Jun 2006 08:18:01 -0500
> From:    Jim Johnson <jimpublicFRHS.ORG>
> Subject: Do you have "/opt/CPEdgecmp" on NGX R60 HFA03? (was RE: [FW-1] SV:
> [FW-1] NGX R60 HFA03 SPLAT libsw directories)
>
> So it appears that my entire "/opt/CPEdgecmp" directory has disappeared.
> Can anyone else running R60 HFA03 verify if they have this directory?
>
> # ls -l /opt
> total 44K
> lrwxrwxrwx    1 root     root           28 Mar 29 14:41 CPDownloadedUpdates -> /var/opt/CPDownloadedUpdates
> drwxr-xr-x    2 root     root         4.0K May  1 22:23 CPInstLog
> drwxrwx---    3 root     bin          4.0K Mar 29 14:43 CPinfo-10
> drwxrwx---    3 root     root         4.0K Mar 29 14:35 CPshared
> drwxrwx---    8 root     bin          4.0K May  1 22:24 CPshrd-R60
> drwxr-x---    4 root     bin          4.0K May  1 22:24 CPsuite-R60
> drwxr-x---    5 root     bin          4.0K May  1 22:18 SecurePlatform
> drwxr-xr-x    2 root     root          16K Mar 29 14:30 lost+found
> drwx------    9 root     root         4.0K Mar 29 14:36 spwm
>
> > -----Original Message-----
> > From: Mailing list for discussion of Firewall-1
> > [mailto:FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM] On Behalf
> > Of Torkel Mathisen
> > Sent: Friday, June 02, 2006 2:02 AM
> > To: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM
> > Subject: [FW-1] SV: [FW-1] NGX R60 HFA03 SPLAT libsw directories
> >
> > Hi
> >
> > You should perhaps have libsw in /opt/CPEdgecmp/libsw also.
> >
> > Also, on R55 there was a libsw in the /opt/CPfwbc-41
> > directory, but that's gone on R60 I think.
> >
> > Regards,
> > Torkel
> >
> > -----Original Message-----
> > From: Mailing list for discussion of Firewall-1
> > [mailto:FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM] On Behalf
> > Of Jim Johnson
> > Sent: 1 June 2006 20:44
> > To: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM
> > Subject: [FW-1] NGX R60 HFA03 SPLAT libsw directories
> >
> > In expert mode on NGX R60 HFA03 SPLAT enforcement module if I run:
> > # find / -name libsw
> > /opt/CPsuite-R60/fw1/libsw
> >
> > You can see that only one directory is returned.  Is this
> > normal?  I thought I had two libsw directories before, but I'm not
> > sure if HFA03 deleted one of them, or if another admin deleted it.
> > 
> 
> ------------------------------
> 
> Date:    Fri, 2 Jun 2006 09:16:18 -0500
> From:    "Addepalli, Anand" <aaddepalli1COOKSYS.COM>
> Subject: Re: Fwd: Re: [FW-1] secure remote users cannot access targ et servers
> in VPN domain
>
> Shiroma
>
> There is no restriction in securemote that hinders accessing a VPN domain if
> statically Nated. I have the same kind of setup from a customer site and
> there are no problems. You just have to make sure that they have enabled VPN
> ports outbound to your network. Their firewall must be dropping IKE packets.
> 
> Anand Addepalli.
> 
> 
> ------------------------------
> 
> Date:    Fri, 2 Jun 2006 10:46:56 -0400
> From:    "Concepcion, Juan" <jconcepcionCROSSBEAMSYS.COM>
> Subject: Re: Fwd: Re: [FW-1] secure remote users cannot access targ et servers
> in VPN domain
>
> Thing you have to ensure on client side, securemote, is that the
> firewall has a wide open ipsec rule:
>
> Rule 1
>
> Source: any
> Destination: Remote Firewall
> Service: ike/ipsec/esp/ah
>
> Rule 2
>
> Source: Remote Firewall
> Destination: Any
> Service: ike/ipsec/esp/ah
>
> I of course have let it set to any but of course you could ensure the
> client has a static dhcp address tied to it and replace the "any" with
> that ip.
> 
> Juan
> 
> 
> ------------------------------
> 
> Date:    Fri, 2 Jun 2006 12:32:44 -0500
> From:    Lino Eduardo Avila Rodríguez <leavilaSCITUM.COM.MX>
> Subject: Re: HELP PLEASE !!!!!  Running Nokia IPSO 3.9 and Checkpoi nt NGAI R55
>
> Just a note. R55 can run on IPSO 3.9 without any problems. I got a customer
> with this configuration and they haven't had any issue.
>
> Regards,
>
>  lino
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM] On Behalf Of Peter Addy
> Sent: Thursday, June 01, 2006 05:12 p.m.
> To: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM
> Subject: Re: [FW-1] HELP PLEASE !!!!! Running Nokia IPSO 3.9 and Checkpoint
> NGAI R55
>
> Hi
>
>   Thanks for this, lesson learnt here, well hope so
>
>   Going to install 3.8 and see how that goes
>
>   cheers
>
> cisco4ng <cisco4ngYAHOO.COM> wrote:
>   This is my 2c:
>
> 1) you should be running IPSO 3.7.1 build 024. It is a very stable ipso
> version. Is there a reason why you would want to run IPSO 3.8 or IPSO 3.9?
>
> 2) you should be running R55w with HFA_04 on IPSO3.7.1 build 24 for the
> reason that R55w is very close to NGx and it is also a very stable version
> as well.
> Furthermore, you can use the same NG FP3 license on NG AI R55w.
>
> Contact me offline if you need additional help. I am, by no means, an expert
> with Nokia and IPSO but I am managing about 500 Nokia appliances here at
> work.
>
> cisco4ng
>
> Gary Scott wrote:
> I don't think IPSO 3.9 supports r55 only NGX. 3.8 you needed r55p.
>
> -GS
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM] On Behalf Of Peter Addy
> Sent: Thursday, June 01, 2006 4:03 PM
> To: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM
> Subject: [FW-1] HELP PLEASE !!!!! Running Nokia IPSO 3.9 and Checkpoint NGAI
> R55
>
> Hi
>
> Please help! This is a live environment without redundancy!
>
> Previous configuration Nokia IPSO 3.6 and Checkpoint FP3
>
> Upgraded to IPSO 3.9 and NGAI R55, HAF_17 performing "new install"
> running both on Nokia IP740
>
> Upgrade went fine on one device however when coming to failover this would
> not take effect, downed quite a few interfaces on primary to failover but no
> VRRP advertisements seen on Secondary ????
>
> "cpstop" on primary does not perform failover to secondary ??
>
> Also looking at the CPHA doing cphaprob stat this shows one active and one
> down on both modules.
>
> After disabling an interface on the primary the command "sh vrrp "
> just shows 1 less interface in master state ????
>
> Decided to upgrade primary to IPSO 3.6 and NGAI R55, thinking this would
> resolve the problem.
> Disabled VRRP preempt mode on both Nokias and tested failover, still not
> working and both devices went into backup, help !!!
>
> Managed to get the primary back to master by turning the "firewall monitor"
> off in the VRRP section in voyager, checked the Checkpoint policy and all
> seems ok, pushed policy ok, selecting cluster device as NGAI.
>
> current status primary as master and secondary as backup, failover not
> working and no idea why cpha shows one active and one down?
>
> VRRP all checked, is there fundamentally something wrong here, am I missing
> something !! has anyone come across this before?
>
> Your help is most appreciated
>
> Thanks
> 
> 
> ------------------------------
> 
> Date:    Fri, 2 Jun 2006 17:09:19 -0400
> From:    Caballero Carlos <ccaballeroBANCOMERCANTIL.COM.BO>
> Subject: Re: Fwd: Re: [FW-1] secure remote users cannot access target
> servers in VPN domain
> 
> Shiroma,
> 
> Have you solved your problem?
> 
> Carlos Caballero
> Communications Engineer
> Banco Mercantil S.A.
> La Paz - Bolivia
> Tel: (591) 2 2409040 Ext.: 4441
> 
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM] On Behalf Of
> Concepcion, Juan
> Sent: Viernes, 02 de Junio de 2006 10:47 a.m.
> To: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM
> Subject: Re: [FW-1] Fwd: Re: [FW-1] secure remote users cannot access
> target servers in VPN domain
> 
> The thing you have to ensure on the client side, securemote, is that the
> firewall has a wide open ipsec rule:
> 
> Rule 1
> 
> Source: any
> Destination: Remote Firewall
> Service: ike/ipsec/esp/ah
> 
> Rule 2
> 
> Source: Remote Firewall
> Destination: Any
> Service: ike/ipsec/esp/ah
> 
> I of course have left it set to any, but of course you could ensure the
> client has a static DHCP address tied to it and replace the "any" with
> that IP.
> 
> Juan
> 
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM] On Behalf Of
> Addepalli, Anand
> Sent: Friday, June 02, 2006 10:16 AM
> To: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM
> Subject: Re: [FW-1] Fwd: Re: [FW-1] secure remote users cannot access
> target servers in VPN domain
> 
> Shiroma
> 
> There is no restriction in securemote that hinders accessing a VPN
> domain if statically NATed. I have the same kind of setup from a
> customer site and there are no problems. You just have to make sure that
> they have enabled VPN ports outbound to your network. Their firewall
> must be dropping IKE packets.
> 
> Anand Addepalli.
> 
> -----Original Message-----
> From: Shiroma Dassanayake [mailto:nilshiro2000YAHOO.COM] 
> Sent: Friday, June 02, 2006 2:30 AM
> To: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM
> Subject: [FW-1] Fwd: Re: [FW-1] secure remote users cannot access target
> servers in VPN domain
> 
> Note: forwarded message attached.
> 
>   Dear all
> 
>   Thanks to all of you that replied. The Secure remote clients are not
> connecting through ADSL, so PPPoE is not used. A few additional tests
> were conducted, that is why there's been a delay in the reply.
> 
>   The secureremote client is installed on a machine that is part of the
> internal LAN of a supplier. The secure remote client is assigned a
> "statically NAT'd public IP" when it leaves the company gateway to
> access the internet.
> 
>   Conditions under which this secure remote client can access the target
> servers in our VPN domain:
> 
>   secure remote client machine connects to the ISP router directly
> (bypassing the company firewall)
> 
>   secure remote client machine connects to the internet through a dial
> up connection to an ISP.
> 
>   As soon as the secure remote client machine is placed in the company
> LAN and is statically NAT'd to a public IP, it cannot access the target
> servers contained in the VPN domain behind our gateway. The client
> machine is able to download the site details but is not able to access
> the target servers.
> 
>   Is there a restriction in secureremote that prevents a secureremote
> client from accessing servers contained within a VPN if the connection
> originates from a public IP that has been statically NAT'd?
> 
>   Thanks and regards
>   Shiroma
> 
> ------------------------------
> 
> Date:    Sat, 3 Jun 2006 10:22:35 +0800
> From:    "Alex S." <alexalsKKIPC.COM>
> Subject: merging multiple logs into one using software or tool
> 
> Hi,
> 
> Is there a software or tool which can merge multiple log files into
> one? I have around hundreds of logs (with 5MB each) and want to
> merge them into one.
> 
> Thanks very much.
> 
> Regards,
> 
> Al
> 
> ------------------------------
> 
> End of FW-1-MAILINGLIST Digest - 1 Jun 2006 to 2 Jun 2006 (#2006-148)
> *********************************************************************

