[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] NG - UNACCEPTABLE
I think they are Crazy. I have Implement NG FR1 and it works great. I have put it on a W2k machine with no problems. NG without FR1 is very buggy and unstable, but I feel that NG FR1 is stable. James ----- Original Message ----- From: "Anthony Mann" <[email protected]> To: <[email protected]> Sent: Tuesday, January 08, 2002 8:39 PM Subject: [FW-1] NG - UNACCEPTABLE > I caught the tail end of this thread. Could someone please email the > complete discussion? > > We were going to implement NG within the month... > > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:[email protected]] On Behalf Of > Zeltser, Roman > Sent: Thursday, January 03, 2002 5:13 PM > To: [email protected] > Subject: Re: [FW-1] NG - UNACCEPTABLE!!! Re: WAS Is NG ready for general > use ? > > My coworkers said: do not run NG on Wintel! > > ********************************** > Roman Zeltser, > @National Computer Center, > RSIS & DNE > > > > -----Original Message----- > From: Mark Whitworth [mailto:[email protected]] > Sent: Thursday, January 03, 2002 2:51 PM > To: [email protected] > Subject: [FW-1] NG - UNACCEPTABLE!!! Re: WAS Is NG ready for general use > ? > Importance: High > > > I know someone asked if NG was ready for general use, and others have > been > asking how soon they could get it. I would like to mention some > problems > we've seen and see if anyone else has seen the logging issue > specifically, > and I would wholeheartedly say that if you upgrade - BEWARE!! > > We have been running FW-1 for years on multiple firewalls, all Wintel > boxes. > Most recently, we were on 4.1 with the latest service packs on top of NT > 4.0 > SP6a. We upgraded in a rolling fashion onto clean Win2K installs and > tried > to import our objects/policies as instructed. Following the instructions > on > how to do this and in various FAQs yielded only hours of frustration. > We > had to rebuild from scratch. > > Although we got our site-site VPNs up, we have seen a multitude of other > errors. DNS/AD errors via the site-to-site VPN that did not previously > exist, and which do not occur when tunneled alternatively via > Netscreens. > Securemote failures due to missing SKU line items on paid-for (not eval) > licenses from the Checkpoint site!!!! Intermittent object errors on > policy > verification on objects that have not been modified in any way. Errors > on > trying to delete objects, with advice to contact technical support. To > top > it off, BSODs on multiple installs of FP1. > > Actually, there is even one more issue we've seen which rivals the > BSODs. > We have "front door" and "back door" firewalls which protect different > numbers of hosts. The front door firewalls have always had unlimited > licenses, while the back door firewall had a 250 count license because > we > have roughly that many hosts. In our 4.1 and even mixed 4.1-NG > environments, we saw no logging issues. However, as soon as we took the > back door firewall to NG, now when it detects "too many internal hosts > (typically due to transient laptops), it logs an error to our central > management station and ALL firewalls stop logging!!!!! Actually, at > some > point we still see logged events, but it ultimately fails and no items > after > that error are displayed in the gui any more. To reinitiate, you have > to > clear the appropriate files, CPSTOP/CPSTART, and reinstall putkeys. > Talk > about the most screwed up thing ever. TOTALLY UNACCEPTABLE, and if any > of > you are on this borderline, I recommend you not upgrade. We will likely > upgrade our license, but this is not the manner in which this should > have > been handled. I requested an eval license and even though Checkpoint > technical support told me this was not the issue, and we had no logging > problems until the day after it expired. Same issue. > > These items have all been reported to and ignored by Checkpoint. > Largely > the reason we are evaluating other products. > > Mark Whitworth > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|