|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Installing Security Policy
If you're using the predefined winframe service it won't survive. However, if you're defining a new tcp service on port 1494 and use that one instead, the citrix sessions will survive a securit policy install. Telnet and ssh are tcp services while winframe is defined as 'other' which means that it's defined in an inspect script. And you're right on the point of securemote dying, and some times also ftp sessions die when installing a new policy. If you run "fw tab -t connections" before and after a ruleset install you can verify which connections die. How to make authenticated users survive a policy install is described in Checkpoint ID 36.777 I'm currently unable to find the article which describes how to make sqlnet connections survive a policy install, but I'm pretty sure it was something I've found from this list. Lars > -----Original Message----- > From: Scott Becker [mailto:[email protected]] > Sent: 4. januar 2001 05:12 > To: [email protected]; [email protected]; > [email protected]; [email protected] > Subject: RE: [FW1] Installing Security Policy > > > Which version are you on ? > > On 4.1sp2, telnet and ssh sessions stays alive, all vpn > related, citrix like > services will be dead. > > > > From: Amar <[email protected]> > To: [email protected], [email protected], > [email protected] > Subject: RE: [FW1] Installing Security Policy > Date: Tue, 2 Jan 2001 07:18:39 -0800 (PST) > > > that would be interesting to know.. any info on how to > stop users being knocked off would be appreciated. > > trust me in my environment everyone gets knocked off > when we push an update > > cheers > --- [email protected] wrote: > Amar and all, > > If this was the case it wouldn't be possible to do > > anything during > > production hours. Established sessions normally > > survive. The exceptions are > > sqlnet2, winframe and other pre defined services > > defined as "other". It's > > possible to change the inspect script for some of > > these services to make > > them survive a policy install, but I've not been > > able to get this working > > with all such services. > > > > Lars > > > > > -----Original Message----- > > > From: Amar [mailto:[email protected]] > > > Sent: 2. januar 2001 15:07 > > > To: Estela Ruiz; > > [email protected] > > > Subject: Re: [FW1] Installing Security Policy > > > > > > > > > > > > from my experience almost all users (that are > > > accessing anything behind the firwall) are knocked > > off > > > !!!! > > > > > > cheers and happy new year to all of you > > > > > > Amar Singh > > > Internet Systems Engineer > > > Cable & Wireless > > > Cisco Certified (CCNP, CCNA) > > > Checkpoint Certified (CCSE, CCSA) > > > > > > > > > --- Estela Ruiz <[email protected]> wrote: > > > > > > > Hello all, > > > > > > > > First of all, sorry if this question was mailed > > > > before... > > > > > > > > I would like to know what are the problems in > > > > installing the Security Policy > > > > when the firewall in on production. I think > > that > > > > encryption sessions end, > > > > but is there anything else? > > > > > > > > What are the results of installing the Security > > > > Policy? > > > > > > > > Thanks and Happy New Year!! > > > > > > > > Estela > > > > > > > > > > ______________________________________________________________ > > > ___________ > > > > Get Your Private, Free E-mail from MSN Hotmail > > at > > > > http://www.hotmail.com. > > > > > > > > > > > > > > > > > > > > > > ============================================================== > > > ================== > > > > To unsubscribe from this mailing list, > > please > > > > see the instructions at > > > > > > > > http://www.checkpoint.com/services/mailing.html > > > > > > > > > > ============================================================== > > > ================== > > > > > > > > > __________________________________________________ > > > Do You Yahoo!? > > > Yahoo! Photos - Share your holiday photos online! > > > http://photos.yahoo.com/ > > > > > > > > > > > > ============================================================== > > > ================== > > > To unsubscribe from this mailing list, please > > see the > > > instructions at > > > > > http://www.checkpoint.com/services/mailing.html > > > > > > ============================================================== > > > ================== > > > > > > __________________________________________________ > Do You Yahoo!? > Yahoo! Photos - Share your holiday photos online! > http://photos.yahoo.com/ > > > ============================================================== > ================== > To unsubscribe from this mailing list, please see the > instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================== > ================== > > ______________________________________________________________ > ___________ > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
