[FW-1] unsubscribe

-----Original Message-----
From: Automatic digest processor [mailto:[email protected]]
Sent: Tuesday, August 20, 2002 12:02 AM
To: Recipients of FW-1-MAILINGLIST digests
Subject: FW-1-MAILINGLIST Digest - 18 Aug 2002 to 19 Aug 2002 (#2002-234)


There are 36 messages totalling 3066 lines in this issue.

Topics of the day:

  1. Problems with E-mail ( TOO MUCH MAIL DATA)
  2. How to stop secure remote starting automatically under windows 2000 ?
  3. Out of band
  4. changing fw-1/vpn-1 user passwords (4)
  5. Secure Remote NG FP2 Session drops.... Thanks
  6. StoneBeat FullCluster 3.0 SP1 and OPSEC certification (3)
  7. gateway-to-gateway VPNs FP2 style... (4)
  8. blocking Instant Messaging (AOL's AIM) (3)
  9. Tuning for FW-1 NG and Solaris 8 (2)
 10. Url Filtering software
 11. Securemote failures
 12. Destination Static NATting (2)
 13. blocking Instant Messaging (AOL's AIM) us
 14. FW-1 SmallOffice Q's
 15. cplic del
 16. Problem migrating  to FP2
 17. Backing up firewall objects
 18. Jignesh Pathak/LKS is out of the office.
 19. SecuRemote licensing woes
 20. What does the update button do? (2)
 21. Secure Remote NG FP2 Session drops....
 22. Nokia VRRP Monitored Circuit Question
 23. Telnet Access to Nokia IP650 as a Checkpoint NG Enforcement Point

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

----------------------------------------------------------------------

Date:    Mon, 19 Aug 2002 09:29:42 +0200
From:    Walter Nordmann <[email protected]>
Subject: Re: Problems with E-mail ( TOO MUCH MAIL DATA)

hi,

check the smtp-properties of your firewall-object (not the global properties)

walter nordmann, cards germany


-----Original Message-----
From:   Oscar Aviles [mailto:[email protected]]
Sent:   Sat 8/17/2002 01:32
To:     [email protected]
Cc:
Subject:             [FW-1] Problems with E-mail ( TOO MUCH MAIL DATA)

Hi Friend:

Does anyone have a problem with the SMTP resources?
My firewall cuts and drops the mail at 1 Mb, but only when I use the resource. It happens on a Linux box and a W2K box, with FP1 and FP2. In the log I can see: Content Security: TOO MUCH MAIL DATA, and it is dropped.

Best Regards

Oscar


------------------------------

Date:    Mon, 19 Aug 2002 10:13:06 +0200
From:    t-systems-fitz <[email protected]>
Subject: Re: How to stop secure remote starting automatically under windows 2000 ?

Hi,

On W2K you had better disable the automatic start of SecuRemote under Services. If you set the start type of the SecuRemote watchdog and of SecuRemote itself to "manual", you can start it later with the command "net start .....".

best regards fitz, CCSA/CCSE


----- Original Message -----
From: "Josh Fry" <[email protected]>
To: <[email protected]>
Sent: Friday, August 16, 2002 7:41 PM
Subject: [FW-1] How to stop secure remote starting automatically under windows 2000 ?

> Hello,
>
> does anyone know how to stop secure remote starting automatically when
> windows boots up. so that a user can then start it at their discretion
> later from the windows start menu.
>
> kind regards
>
> josh
>

------------------------------

Date:    Mon, 19 Aug 2002 12:18:38 +0200
From:    "MISCHIATTI,MIRKO (HP-Italy,ex1)" <[email protected]>
Subject: Out of band

Hi,
Do you have some information about out-of-band management of the Nokia firewall? When the console cable is connected, the Nokia stops. Is there a way to avoid that? Thanks. M.

------------------------------

Date:    Mon, 19 Aug 2002 20:43:17 +1000
From:    Brendan Laws <[email protected]>
Subject: changing fw-1/vpn-1 user passwords

Hi,

could someone tell me if it is possible for a SecureRemote user to change their logon passwords from the client.

they are authenticating to the firewall via fw-1/vpn-1 password.

is it possible for the client to change their password, if so what method of authentication is needed?

thanks

Brendan

------------------------------

Date:    Mon, 19 Aug 2002 20:44:34 +1000
From:    Brendan Laws <[email protected]>
Subject: Re: Secure Remote NG FP2 Session drops.... Thanks
------------------------------

Date:    Mon, 19 Aug 2002 14:58:05 +0300
From:    Tomi Kononow <[email protected]>
Subject: StoneBeat FullCluster 3.0 SP1 and OPSEC certification

Hi,

StoneBeat FullCluster 3.0 SP1 for Check Point FW-1 NG FP2 was submitted for OPSEC certification at the beginning of July. We are waiting for Check Point's acceptance of the certification for the Windows 2000 platform during week 34. OPSEC certification for the Solaris platform will follow in the near future.

StoneBeat FullCluster 3.0 SP1 already fully supports Check Point FW-1 NG FP2. Latest released StoneBeat FullCluster versions (15.8.2002):

- StoneBeat FullCluster 3.0 SP1 for Linux
- StoneBeat FullCluster 3.0 HF5-1 for Solaris
- StoneBeat FullCluster 3.0 HF1-1 for Windows 2000

Please download the latest software versions and release notes from Stonesoft Web site: http://www.stonesoft.com/download/


Regards,

Tomi Kononow
Technical Product Manager, StoneBeat


Date:    Fri, 16 Aug 2002 01:28:47 -0700
From:    Skar <[email protected]>
Subject: Re: NG FP2 with Stonebeat full cluster 3

Sorry for the late interrupt,
Is StoneBeat FC certified for NG FP2?
If not, I thought Checkpoint would release FP3 in
October. Then how long will we wait for SBFC FP3
certification? Strange...

------------------------------

Date:    Mon, 19 Aug 2002 08:22:29 -0400
From:    Leonardo Boulton <[email protected]>
Subject: gateway-to-gateway VPNs FP2 style...

Hi lads,

Once again I come to you seeking help. Before, I had a Check Point FW1 NG FP2 with many gateway-to-gateway VPNs configured. In FP1 there was no "if via" column in the rule base (for those of you who've already seen FP2); to configure a VPN you just go to the firewall object, VPN tab, and set the preshared secret for it, then in the rulebase's action you set "encrypt". Now, FP2 handles VPNs differently: you must set communities and add firewall objects to those communities.

The question is that I don't know where to edit the preshared secret. In the firewall object's VPN tab all you can set is the community that firewall belongs to.

Can anybody help me on that one...

Thanks a lot.

Leonardo Boulton

Network Security Engineer
CyberTech Projects
web:    www.cybertechproject.com
email:  [email protected]
phone:  (
cel:    (
msn id: [email protected]
Caracas, Venezuela

------------------------------

Date:    Mon, 19 Aug 2002 08:23:24 -0400
From:    Leonardo Boulton <[email protected]>
Subject: Re: changing fw-1/vpn-1 user passwords

It is not possible.... you must configure that directly from the policy editor.



-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Brendan Laws
Sent: Monday, August 19, 2002 6:43 AM
To: [email protected]
Subject: [FW-1] changing fw-1/vpn-1 user passwords


Hi,

could someone tell me if it is possible for a SecureRemote user to change their logon passwords from the client.

they are authenticating to the firewall via fw-1/vpn-1 password.

is it possible for the client to change their password, if so what method of authentication is needed?

thanks

Brendan

------------------------------

Date:    Mon, 19 Aug 2002 09:25:08 -0400
From:    Security Guy <[email protected]>
Subject: blocking Instant Messaging (AOL's AIM)

In the August issue of Information Security magazine, they have a great article on instant messaging. Unfortunately they didn't tell me anything new :( I have been trying to block IM off and on...but this article re-energized me. Here are the steps I have taken so far in an attempt to block AOL's AIM:

Currently Blocking:
5190 tcp/udp
4443 tcp/udp
All traffic to login.oscar.aol.com (which is 64.12.x.x)

I've tried these rules:

Internal network     login.oscar.aol.com    tcp/udp 53, tcp/udp 4443, tcp 5190, http/s     drop    long
*Nice...it's using the DNS port, this thing is like a Trojan, it will actually scan for open ports

Internal Network    login.oscar.aol.com      ANY    drop long

What am I missing?  Is there any reason a reverse rule is needed?

Any info is appreciated,

-AD




------------------------------

Date:    Mon, 19 Aug 2002 15:22:42 +0200
From:    Martin Christen <[email protected]>
Subject: Tuning for FW-1 NG and Solaris 8

Hello

Does anybody have a guide how to tune a solaris 8 box with FW-1 NG?

Regards

Martin

 __________________________________http://www.clounet.ch

Martin Christen
NMS/Security Consultant

Phone:    +41(0)31 950 55 83                  ClouNet AG
Fax:      +41(0)31 950 55 90             Ammannstrasse 1
[email protected]          CH-3074 Muri b. Bern
________________________________________________________

------------------------------

Date:    Mon, 19 Aug 2002 09:28:52 -0400
From:    "Andrade Guerra, Marcelo" <[email protected]>
Subject: Re: gateway-to-gateway VPNs FP2 style...

IKE Settings.

Regards

-----Original Message-----
From: Leonardo Boulton [mailto:[email protected]]
Sent: Monday, 19 August 2002 8:22
To: [email protected]
Subject: [FW-1] gateway-to-gateway VPNs FP2 style...



------------------------------

Date:    Mon, 19 Aug 2002 14:50:08 +0100
From:    Julian Burton <[email protected]>
Subject: Re: gateway-to-gateway VPNs FP2 style...

Pre-shared secret:

Open up your firewall object
Select VPN in the left-hand pane
Select your encryption scheme and click Details
Click Pre-shared secret and click Details
and add the secret here.

Julian



------------------------------

Date:    Mon, 19 Aug 2002 07:05:56 -0700
From:    "Hubbard, Dan" <[email protected]>
Subject: Re: Url Filtering software

Stephen;

I am obviously interested in your comparison. Do you have some technical details you would like to share ?

Thanks



-----Original Message-----
From: Stephen Raymond [mailto:[email protected]]
Sent: Friday, August 16, 2002 3:38 PM
To: [email protected]
Subject: Re: [FW-1] Url Filtering software


Trust me on this one: the best is NOT Websense or SurfControl.  The best is www.N2H2.com or 8e6 (xstop) www.8e6.com .  I have just finished testing this and N2H2 and 8e6 came out on top.


stephen

----- Original Message -----
From: "Jeff Harris" <[email protected]>
To: <[email protected]>
Sent: Wednesday, August 14, 2002 2:25 PM
Subject: [FW-1] Url Filtering software


> Can anyone recommend URL filtering software for 4.1 or NG or just in
> general?
>
> Thanks
>

------------------------------

Date:    Mon, 19 Aug 2002 16:02:18 +0200
From:    Jeff LaCoursiere <[email protected]>
Subject: Securemote failures

I wrote last week about securemote failing for about half of our employees.  We could see packets from the failing connections entering the firewall, but not leaving any of the interfaces.  No drops could be found in the log viewer.  A laptop that functioned at my house (over DSL) would not function on a dialup connection.

The problem was eventually traced to the IP NAT Pool being full.  It appears that the NAT associations never time out!  The employees that were still working were on static addresses at their homes, and their associations in the table allowed them to continue functioning.  Those coming in on dynamic addresses (like my laptop on dialup) were refused, as no new associations could be made.  We temporarily solved this problem by deleting all entries in the pool.  I need a more permanent solution, i.e. why don't the entries time out?  Any ideas?

An interesting experiment was to purge the pool while the dialled-in laptop ran ping -t to an internal machine.  Two packets were missed, but it then started right back up again.  This being the case, I am considering cron'ing the command to empty the pool to run each night at 2AM or something.  Any comments on this approach?

Thanks!

Jeff LaCoursiere
Infrastructure Specialist
T-Motion

------------------------------

Date:    Mon, 19 Aug 2002 22:38:43 +0800
From:    "Maenard Martinez (TS-PH)" <[email protected]>
Subject: Destination Static NATting

Hi!

I have a lab wherein I am simulating the setup below:

Objective: Let external IPs (172.16.0.0/16) connect to the Internet services on the 10.0.0.0/8 network

FTP/SMTP/HTTP [10.0.0.4] --------- [10.0.0.1] FW-1 SP1 [172.16.3.20/172.16.30.20] -------------- External

The 10.0.0.4 hosts the internet services, and its gateway is 10.0.0.1. Two valid (logically) IP addresses are bound that will act as external IP addresses (FW-1 has only 1 NIC and I did IP aliasing to simulate multiple NICs).

I did the following already on the Policy:

SOURCE        DESTINATION        SERVICE          ACTION
Any           172.16.30.20       FTP/HTTP/SMTP    Accept


For the NAT, I have these:

                [ORIGINAL PACKET]                       [TRANSLATED PACKET]
SOURCE        DESTINATION      SERVICE      SOURCE        DESTINATION      SERVICE
Any           172.16.30.20     Any          Orig          10.0.0.4         Orig

I also retrieved the MAC address of the NIC of the FW-1 and added it on the local.arp and installed the policy. On the article from PhoneBoy, it mentioned the IP spoofing configuration. I am not familiar with the said configuration?

After following the steps (except for the IP spoofing), it still doesn't work. According to the log, the traffic from the external is being accepted by 172.16.30.20, but that's it; there's no indication that the traffic is being forwarded or translated to 10.0.0.4; but the FTP traffic is being accepted by 172.16.30.20. I also have this route in my routing table (NT 4.0):

Network Destination   Netmask            Gateway      Interface    Metric
172.16.30.20          255.255.255.255    127.0.0.1    127.0.0.1    1
172.16.30.20          255.255.255.255    10.0.0.4     10.0.0.4     1
Default Gateway:      10.0.0.1

Am I missing something?

Any feedback is highly appreciated.

Thanks,
Leo

------------------------------

Date:    Mon, 19 Aug 2002 08:13:54 -0700
From:    "Karli..." <[email protected]>
Subject: Re: changing fw-1/vpn-1 user passwords

So would the alternative be to set up a RADIUS service
on the domain controller and authenticate against it?

k
--- Leonardo Boulton <[email protected]>
wrote:
> It is not possible.... you must configure that
> directly from the policy editor.
>
>
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[email protected]] On behalf of
> Brendan Laws
> Sent: Monday, August 19, 2002 6:43 AM
> To: [email protected]
> Subject: [FW-1] changing fw-1/vpn-1 user passwords
>
>
> Hi,
>
> Could someone tell me if it is possible for a
> SecureRemote user to change their logon passwords
> from the client.
>
> They are authenticating to the firewall via
> fw-1/vpn-1 password.
>
> Is it possible for the client to change their
> password? If so, what method of authentication is
> needed?
>
> thanks
>
> Brendan
>


=====

K a r l i . . . (c)2002
Laughter is a form of internal jogging



------------------------------

Date:    Mon, 19 Aug 2002 11:55:39 -0400
From:    Christopher Collins <[email protected]>
Subject: Re: blocking Instant Messaging (AOL's AIM)


Your second rule:

Internal Network    login.oscar.aol.com      ANY    drop long

is how we have blocked AIM here, where login.oscar.aol.com is the network range of 205.188.7.0.

That has worked great for us. Your network of 64.12.x.x may be what you need to use. Sometimes the ranges are location specific. The location of the rule in the rulebase is also important - closer to the top.

Cheers,

Chris

-----Original Message-----
From: Security Guy [mailto:[email protected]]
Sent: August 19, 2002 9:25 AM
To: [email protected]
Subject: [FW-1] blocking Instant Messaging (AOL's AIM)



In the August issue of information security magazine, they have a great article on Instant messaging.  Unfortunately they didn't tell me anything new :(  I have been trying to block IM off and on...but this article re-energized me.  Here are the steps I have taken so far in an attempt to block AOL's AIM

Currently Blocking:
5190 tcp/udp
4443 tcp/udp
All traffic to login.oscar.aol.com (which is 64.12.x.x)

I've tried these rules:

Internal network     login.oscar.aol.com    tcp/udp 53 tcp/udp 4443 tcp 5190 http/s     drop    long
*Nice...it's using the DNS port, this thing is like a Trojan, it will actually scan for open ports

Internal Network    login.oscar.aol.com      ANY    drop long

What am I missing?  Is there any reason a reverse rule is needed?

Any info is appreciated,

-AD


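Chris's point about rule position, as an added example that is not Check Point code and not from the thread: a small first-match rulebase model that evaluates the "Internal Network -> login.oscar.aol.com -> ANY -> drop" rule once below and once above a general outbound web rule. The 10.0.0.0/8 internal block, the outbound web rule, the sample connections and the stateful first-match behaviour are assumptions; the AOL ranges are the ones named in the thread.

```python
"""First-match rulebase model for the AIM-blocking rules in this thread.

Added example, not Check Point's code: a simplified first-match evaluator
showing why the position of the AIM drop rule in the rulebase matters.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, List, Optional, Tuple

# Network objects: rulebase name -> address ranges it stands for.
NETWORKS = {
    "Internal Network": [ip_network("10.0.0.0/8")],          # assumed internal block
    "login.oscar.aol.com": [ip_network("205.188.7.0/24"),    # range Chris uses
                            ip_network("64.12.0.0/16")],     # AD's 64.12.x.x
    "Any": [ip_network("0.0.0.0/0")],
}


@dataclass(frozen=True)
class Rule:
    source: str
    destination: str
    services: FrozenSet[str]  # "proto/port" entries, or {"ANY"}
    action: str               # "accept" or "drop"


def _in_network(name: str, addr: str) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in NETWORKS[name])


def evaluate(rules: List[Rule], src: str, dst: str, service: str) -> Tuple[Optional[int], str]:
    """Return (rule index, action) of the first rule matching the connection.

    Only the connection-initiating packet is evaluated, as a stateful engine
    would do; replies ride on the state table, so no reverse rule is modelled.
    A connection that matches nothing falls through to the implicit cleanup drop.
    """
    for idx, rule in enumerate(rules):
        if not _in_network(rule.source, src) or not _in_network(rule.destination, dst):
            continue
        if "ANY" in rule.services or service in rule.services:
            return idx, rule.action
    return None, "drop"


# Assumed general outbound rule: internal hosts may browse and resolve names.
WEB_OUT = Rule("Internal Network", "Any", frozenset({"tcp/80", "tcp/443", "udp/53"}), "accept")
# AD's second rule as quoted in the thread.
BLOCK_AIM = Rule("Internal Network", "login.oscar.aol.com", frozenset({"ANY"}), "drop")

# Drop rule below the web rule: an AIM login over tcp/80 is accepted by WEB_OUT first.
PERMISSIVE_ORDER = [WEB_OUT, BLOCK_AIM]
# Drop rule "closer to the top": it is consulted before anything can accept the flow.
HARDENED_ORDER = [BLOCK_AIM, WEB_OUT]

# Constructed sample connections from one internal host.
SAMPLE_CONNECTIONS = [
    ("10.1.2.3", "205.188.7.10", "tcp/80"),    # AIM login sneaking out over the http port
    ("10.1.2.3", "64.12.24.1", "tcp/5190"),    # classic AIM port
    ("10.1.2.3", "198.51.100.7", "tcp/80"),    # ordinary web browsing, must still work
]


def compare_orders(conns=SAMPLE_CONNECTIONS) -> List[Tuple[str, str, str, str, str]]:
    """For each connection: (src, dst, service, action with drop rule below, action with it on top)."""
    return [(src, dst, svc,
             evaluate(PERMISSIVE_ORDER, src, dst, svc)[1],
             evaluate(HARDENED_ORDER, src, dst, svc)[1])
            for src, dst, svc in conns]


if __name__ == "__main__":
    for src, dst, svc, below, on_top in compare_orders():
        print(f"{src} -> {dst:14s} {svc:9s} drop rule below web rule: {below:6s} on top: {on_top}")
```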
------------------------------

Date:    Mon, 19 Aug 2002 18:57:16 +0300
From:    Huovinen Jani <[email protected]>
Subject: Re: changing fw-1/vpn-1 user passwords

Yes. You can't change the FW-1/VPN-1 password, but if you use RADIUS with AD, you can use the IIS web-based tool to change the domain password, which Check Point uses.

jani

-----Original Message-----
From: Leonardo Boulton [mailto:[email protected]]
Sent: Monday, August 19, 2002 3:23 PM
To: [email protected]
Subject: Re: [FW-1] changing fw-1/vpn-1 user passwords

It is not possible.... you must configure that directly from the policy editor.



-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On behalf of Brendan Laws
Sent: Monday, August 19, 2002 6:43 AM
To: [email protected]
Subject: [FW-1] changing fw-1/vpn-1 user passwords


Hi,

Could someone tell me if it is possible for a SecureRemote user to change their logon passwords from the client.

They are authenticating to the firewall via fw-1/vpn-1 password.

Is it possible for the client to change their password? If so, what method of authentication is needed?

thanks

Brendan


------------------------------

Date:    Mon, 19 Aug 2002 12:29:58 -0400
From:    Security Guy <[email protected]>
Subject: blocking Instant Messaging (AOL's AIM) us


(F/W: 4.1 sp4)

In the August issue of information security magazine, they have a great article on Instant messaging.  Unfortunately they didn't tell me anything new :(  I have been trying to block IM off and on...but this article re-energized me.  Here are the steps I have taken so far in an attempt to block AOL's AIM

Currently Blocking:
5190 tcp/udp
4443 tcp/udp
All traffic to login.oscar.aol.com (which is 64.12.x.x)

I've tried these rules:

Internal network     login.oscar.aol.com    tcp/udp 53 tcp/udp 4443 tcp 5190 http/s     drop    long
*Nice...it's using the DNS port, this thing is like a Trojan, it will actually scan for open ports

Internal Network    login.oscar.aol.com      ANY    drop long

What am I missing?  Is there any reason a reverse rule is needed?

Any info is appreciated,

-AD


------------------------------

Date:    Mon, 19 Aug 2002 12:27:42 -0400
From:    Robert Woods <[email protected]>
Subject: Re: blocking Instant Messaging (AOL's AIM)


Everyone,
  This has been an ongoing issue at my centre, and I suggest checking the log-in schemes every six months or so.  Open up the ports for yourself, log in as yourself, and watch the firewall/gateway logs.  Instant Messenger applications have been known to move servers or change IP addresses to thwart people like us trying to block these applications.  Also, watch for web based interfaces to the Instant Messenger applications.  If there is a way around a system, people will find it!  i.e., www.icq.com/icqwebbie

Rob





 -----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]]On Behalf Of Security Guy

Sent: Monday, August 19, 2002 9:25 AM
To: [email protected]
Subject: [FW-1] blocking Instant Messaging (AOL's AIM)


  In the August issue of information security magazine, they have a great article on Instant messaging.  Unfortunately they didn't tell me anything new :(  I have been trying to block IM off and on...but this article re-energized me.  Here are the steps I have taken so far in an attempt to block AOL's AIM

  Currently Blocking:
  5190 tcp/udp
  4443 tcp/udp
  All traffic to login.oscar.aol.com (which is 64.12.x.x)

  I've tried these rules:

  Internal network     login.oscar.aol.com    tcp/udp 53 tcp/udp 4443 tcp 5190 http/s     drop    long
  *Nice...it's using the DNS port, this thing is like a Trojan, it will actually scan for open ports

  Internal Network    login.oscar.aol.com      ANY    drop long

  What am I missing?  Is there any reason a reverse rule is needed?

  Any info is appreciated,

  -AD




------------------------------

Date:    Mon, 19 Aug 2002 10:44:42 -0600
From:    Maria del Carmen <[email protected]>
Subject: Re: Tuning for FW-1 NG and Solaris 8


Hello,
go to http://www.enteract.com/~lspitz/armoring.html

Carmen
  ----- Original Message -----
  From: Martin Christen
  To: [email protected]
  Sent: Monday, August 19, 2002 7:22 AM
  Subject: [FW-1] Tuning for FW-1 NG and Solaris 8


  Hello

  Does anybody have a guide how to tune a solaris 8 box with FW-1 NG?

  Regards

  Martin

   __________________________________http://www.clounet.ch

  Martin Christen
  NMS/Security Consultant

  Phone:    +41(0)31 950 55 83                  ClouNet AG
  Fax:      +41(0)31 950 55 90             Ammannstrasse 1
  [email protected]          CH-3074 Muri b. Bern
  ________________________________________________________



------------------------------

Date:    Mon, 19 Aug 2002 17:52:14 +0100
From:    Tim Holman <[email protected]>
Subject: Re: FW-1 SmallOffice Q's

You can use the CP FW-1 management GUI to manage CP SmallOffice - I have set this up before.

-----Original Message-----
From: RUSSELL T. LEWIS [mailto:[email protected]]
Sent: 06 August 2002 16:04
To: [email protected]
Subject: [FW-1] FW-1 SmallOffice Q's


Is it possible to use the GUI management clients that are normally used for CP FW-1 with Small Office? I can use the web management at https://192.168.1.1 with the proper login, but using the GUI clients I get a "connection cannot be initiated. Make sure that server 192.168.1.1 is up and running." Any ideas?

Also, using the web interface, it lets you define 5 TCP/UDP ports to allow to LAN, DMZ, or Internet. Is it possible to allow more than five? If so, how?

Thanks guys!
-Russell Lewis





------------------------------

Date:    Mon, 19 Aug 2002 17:54:22 +0100
From:    Tim Holman <[email protected]>
Subject: Re: cplic del

You remove licenses with

cplic del (signature)

NOT certificate key.

Signature is viewable with a cplic -k.

Regards,

Tim


-----Original Message-----
From: Ole Jakobsen [mailto:[email protected]]
Sent: 08 August 2002 09:15
To: [email protected]
Subject: Re: [FW-1] cplic del


Hi Jim,

When I search my registry on my Mgmt server, the only place I find CPVP-VSO-1-3DES-MGMT-V41 is under HKEY_CURRENT_USER\Software\Microsoft\Internet Explore..... and I don't think that is the place CP saves the licenses.

But thank you for your input.

Best Regards,

Ole Jakobsen




From: jim parker <[email protected]>
Sent by: Mailing list for discussion of Firewall-1 <[email protected]>
Date: 02-08-2002 20:06
Please respond to Mailing list for discussion of Firewall-1
To: [email protected]
cc:
Subject: Re: [FW-1] cplic del

interesting, I know the licenses for 4.1 on win32 are held in the registry, so try doing a search for "CPVP-VSO-1-3DES-MGMT-V41", then delete it from the registry? I'm assuming you know how to edit the registry and as such are aware of the possible implications... just covering my own arse there... :)



-----Original Message-----
Subject: [FW-1] cplic del


Hi all,

I have a problem with a license that I can't delete from my NG FP2 management server.

The problem is that I added the license to an IP71 running 4.1 before I installed 4.1 Backward Compatibility on my mgmt server.

I constantly get the message " Warning: Can't find ::CPVP-VSO-1-3DES-MGMT-V41 in cp.macro. License version might be not compatible"

When I try to remove the license with cplic del I get:

C:\>cplic del IP71 CK-XXXXXXXXXXXX
 Warning: Can't find ::CPVP-VSO-1-3DES-MGMT-V41 in cp.macro. License version might be not compatible  Trying to delete license from IP71 ...

 Warning: Can't find ::CPVP-VSO-1-3DES-MGMT-V41 in cp.macro. License version might be not compatible Operation Failed. License not found in database.

C:\>

What am I doing wrong?

Am I right when I say that you have to install 4.1 Backward Compatibility before you can add 4.1 products?

Best Regards,

Ole Jakobsen





------------------------------

Date:    Mon, 19 Aug 2002 17:59:50 +0100
From:    Tim Holman <[email protected]>
Subject: Re: Problem migrating  to FP2

Make sure you don't have any policy objects with the word 'firewall' in them...

-----Original Message-----
From: Jean-Francois Gobin [mailto:[email protected]]
Sent: 13 August 2002 10:53
To: [email protected]
Subject: [FW-1] Problem migrating to FP2


Hello all,

I've a problem while migrating to FP2. When I set it up on an isolated network, everything goes ok.

When I plug it into the live network, the fw functions ok, but trying to use the policy editor ends with a "please verify that fwm is running".


FWM seems to crash with an "Illegal Operation" when launched by hand.

Any idea/similar case ?

We're using (or trying) FW-1 NG FP2 on solaris8, with MPU license, unlimited IP.

JF

--
Jean-Francois Gobin - Administrateur gobinjf.be
http://www.gobinjf.be   mailto:[email protected]





------------------------------

Date:    Mon, 19 Aug 2002 17:59:02 +0100
From:    Tim Holman <[email protected]>
Subject: Re: Backing up firewall objects

Have you got the right license installed ?
isakmpd is an essential part of the VPN component, which is probably why things aren't working.

-----Original Message-----
From: Eduardo Frias [mailto:[email protected]]
Sent: 06 August 2002 14:33
To: [email protected]
Subject: [FW-1] Backing up firewall objects


Hi, good morning.

Recently I moved my firewall from one machine to another. I backed up my conf directory and copied that directory to my new installation. Everything works fine! I have all my old objects, rules, etc. The only thing that does not work is one VPN!!! Is there something else besides the conf directory that has to be copied in order to have the VPN working again? I have seen that on my old server I have two processes running that I do not have on the new one; the names of these processes are ISAKMPD and MDQ. What are they, and why are they not running on my new server? Is this the reason why the VPN is not working?

As always thank you very much





------------------------------

Date:    Mon, 19 Aug 2002 14:16:21 -0400
From:    "Jignesh G. Pathak" <[email protected]>
Subject: Jignesh Pathak/LKS is out of the office.

I will be out of the office starting  08/19/2002 and will not return until 08/24/2002.

I will respond to your message when I return.

------------------------------

Date:    Mon, 19 Aug 2002 14:39:47 -0400
From:    Leonardo Boulton <[email protected]>
Subject: Re: gateway-to-gateway VPNs FP2 style...

It's not that easy... when you add the firewall object to a Community, the VPN entry in the left panel that you mention changes...

Someone at Check Point said that you can only use certificates, no longer pre-shared secrets, with FP2... FP3 will support pre-shared secrets....

L.

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On behalf of Julian Burton
Sent: Monday, August 19, 2002 9:50 AM
To: [email protected]
Subject: Re: [FW-1] gateway-to-gateway VPNs FP2 style...


Pre-shared secret:

Open up your firewall object
Select VPN in the left-hand pane
Select your encryption scheme and click Details
Click Pre-shared secret and click Details
and add the secret here.

Julian



From: Leonardo Boulton <[email protected]>
Sent by: Mailing list for discussion of Firewall-1 <[email protected]>
Date: 19/08/2002 13:22
Please respond to Mailing list for discussion of Firewall-1
To: [email protected]
cc:
Subject: [FW-1] gateway-to-gateway VPNs FP2 style...

Hi lads,

Once again I come to you seeking help. Before, I had a Check Point FW1 NG FP1 with many gateway-to-gateway VPNs configured. In FP1 there was no "if via" column in the rule base (for those of you who've already seen FP2); to configure a VPN you just went to the firewall object, VPN tab, and set the pre-shared secret for it, then in the rulebase's action you set "encrypt". Now, FP2 handles VPNs differently: you must set up communities and add firewall objects to those communities.

The question is that I don't know where to edit the preshared secret. In the firewall object's VPN tab all you can set is the community that firewall belongs to.

Can anybody help me on that one...

Thanks a lot.

Leonardo Boulton

Network Security Engineer
CyberTech Projects
web:    www.cybertechproject.com
email:  [email protected]
phone:  (
cel:    (
msn id: [email protected]
Caracas, Venezuela


------------------------------

Date:    Mon, 19 Aug 2002 15:16:01 -0400
From:    Rick Osterberg <[email protected]>
Subject: SecuRemote licensing woes

How is it that every time I have ever done an upgrade to a CheckPoint product, I always get screwed over by some stupid licensing problem?  And it always includes SecuRemote, which I'm told is free, yet requires you to jump up and down 18 times, look towards the sun, howl like a wolf, and eat a witches broth before you can get the license string straightened out.

If I'm supposed to be able to use SecuRemote without any extra money, why doesn't it just WORK?  It's really too bad there aren't other products as good as this one, because the hassles with the licensing make it barely worth it.

-Rick, waiting on his vendor to provide a useful certificate key for SecuRemote for NG so that the new upgraded firewall actually works all the way.

------------------------------

Date:    Mon, 19 Aug 2002 15:31:58 -0400
From:    Carric Dooley <[email protected]>
Subject: What does the update button do?

Anyone know the specifics of what the "Update Site" button does in the Secure Remote/Secure Client? It is difficult to find any good documentation on this. I have heard that it downloads the userc.c file, but is it doing anything else?? The question has come up about this also providing some "synchronization" for clients that use SecurID. I have looked for a while now, and I'm hoping someone knows.

Thanks

------------------------------

Date:    Mon, 19 Aug 2002 15:09:26 -0500
From:    "Orr, Paul" <[email protected]>
Subject: Secure Remote NG FP2 Session drops....

I seemed to have developed the same problem in the last couple of months.  I haven't been able to figure out what has caused it.  If anyone knows how to resolve this issue, please let me know as well.

Thank you,

Paul Orr

------------------------------

Date:    Mon, 19 Aug 2002 15:50:38 -0500
From:    Greg Polanski <[email protected]>
Subject: Re: What does the update button do?

Update site causes userc.C to be reread and recreated.

In general, this is not frequently used.
Update site will allow the client to catch up to
        encryption domain changes
        DNS server changes
        Netbios server changes

greg



-- _______________________________________________________________
Greg Polanski                    mailto:[email protected]
ADC Telecommunications, Inc.    
MS 36                           FAX
PO Box 1101                     cell/pager
Minneapolis, MN  55440-1101     @mobile.att.net
_______________________________________________________________

------------------------------

Date:    Mon, 19 Aug 2002 16:55:26 -0400
From:    Frank Darden <[email protected]>
Subject: Re: StoneBeat FullCluster 3.0 SP1 and OPSEC certification

Tomi,

That's wonderful, but when will your support staff be able to help with issues regarding Stonebeat and NG? We have many open tickets with your organization and absolutely no resolution. I guess I would summarize this by saying from my perspective, the lights are on and nobody's home at Stonesoft.

=======================================
Frank Darden
Chief Technology Officer
Mission Critical Systems
3320 NW 53rd St. Suite 202
Fort Lauderdale, FL 33309
Phone
Fax
AIM/MSN FishinCritical  ===========================================


-----Original Message-----
From: Tomi Kononow [mailto:[email protected]]
Sent: Monday, August 19, 2002 7:58 AM
To: [email protected]
Subject: [FW-1] StoneBeat FullCluster 3.0 SP1 and OPSEC certification

Hi,

StoneBeat FullCluster 3.0 SP1 for Check Point FW-1 NG FP2 was submitted for OPSEC certification at the beginning of July. We are awaiting Check Point's acceptance of the certification for the Windows 2000 platform during week 34. OPSEC certification for the Solaris platform will follow in the near future.

StoneBeat FullCluster 3.0 SP1 fully supports Check Point FW-1 NG FP2 already. Latest released StoneBeat FullCluster versions (15.8.2002):

- StoneBeat FullCluster 3.0 SP1 for Linux
- StoneBeat FullCluster 3.0 HF5-1 for Solaris
- StoneBeat FullCluster 3.0 HF1-1 for Windows 2000

Please download the latest software versions and release notes from Stonesoft Web site: http://www.stonesoft.com/download/


Regards,

Tomi Kononow
Technical Product Manager, StoneBeat
/////////////////////////////////////////////////////////////////////////


Date:    Fri, 16 Aug 2002 01:28:47 -0700
From:    Skar <[email protected]>
Subject: Re: NG FP2 with Stonebeat full cluster 3

Sorry for the late interrupt,
Is StoneBeat FC certified for NG FP2?
If not, I thought Checkpoint would release FP3 in
October. Then how long will we wait for SBFC FP3
certification? Strange...


------------------------------

Date:    Tue, 20 Aug 2002 07:25:53 +0800
From:    "Leonard Panares (TS-PH)" <[email protected]>
Subject: Re: Destination Static NATting

hahahahahaah... so you post to this list too :-D

-----Original Message-----
From: Maenard Martinez (TS-PH)
Sent: Monday, August 19, 2002 10:39 PM
To: [email protected]
Subject: [FW-1] Destination Static NATting


Hi!

I have a lab wherein I am simulating the setup below:

Objective: Let external IPs (172.16.0.0/16) connect to the Internet services on the 10.0.0.0/8 network

FTP/SMTP/HTTP [10.0.0.4] --------- [10.0.0.1] FW-1 SP1 [172.16.3.20/172.16.30.20] -------------- External

The 10.0.0.4 host runs the internet services, and its gateway is 10.0.0.1. Two (logically) valid IP addresses are bound that will act as external IP addresses (FW-1 has only 1 NIC and I did IP aliasing to simulate multiple NICs).

I did the following already on the Policy:

SOURCE        DESTINATION        SERVICE           ACTION
Any           172.16.30.20       FTP/HTTP/SMTP     Accept


For the NAT, I have these:

              [ORIGINAL PACKET]                    [TRANSLATED PACKET]
SOURCE        DESTINATION      SERVICE    SOURCE   DESTINATION   SERVICE
Any           172.16.30.20     Any        Orig     10.0.0.4      Orig

I also retrieved the MAC address of the NIC of the FW-1, added it to local.arp and installed the policy. The article from PhoneBoy mentioned the IP spoofing configuration; I am not familiar with the said configuration.

After following the steps (except for the IP spoofing), it still doesn't work. According to the log, the traffic from the external side is being accepted by 172.16.30.20, but that's it; there's no indication that the traffic is being forwarded or translated to 10.0.0.4, even though the FTP traffic is being accepted by 172.16.30.20. I also have these routes in my routing table (NT 4.0):

Network Destination        Netmask          Gateway      Interface   Metric
       172.16.30.20  255.255.255.255        127.0.0.1    127.0.0.1        1
       172.16.30.20  255.255.255.255         10.0.0.4     10.0.0.4        1
Default Gateway:          10.0.0.1

Am I missing something?

Any feedback is highly appreciated.

Thanks,
Leo

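The rule, NAT table and route lookup from Leo's lab, as an added Python model (this is example code, not the post's own configuration and not Check Point code): it matches the security rule on the untranslated destination, applies the static destination NAT rule, routes the translated packet with a longest-prefix match, and reverses the translation on the server's reply. The policy, NAT rule and host route are the ones shown above; the 10.0.0.0/8 on-link route, the implicit drop for unmatched traffic and the packet addresses are assumptions made for the model.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str      # source IP
    dst: str      # destination IP
    service: str  # "ftp", "http", "smtp", ...


# Security policy from the post: (source, destination, services, action); "Any" matches everything.
POLICY = [
    ("Any", "172.16.30.20", {"ftp", "http", "smtp"}, "accept"),
]

# NAT rulebase from the post: (original src, dst, service) -> (translated src, dst, service);
# "Orig" keeps the original value.
NAT_RULES = [
    (("Any", "172.16.30.20", "Any"), ("Orig", "10.0.0.4", "Orig")),
]

# Routing table: the host route for the public IP as pasted, plus (assumed) the firewall's own
# connected 10.0.0.0/8 network and the default gateway.
ROUTES = [
    ("172.16.30.20/32", "127.0.0.1"),
    ("10.0.0.0/8", "on-link"),
    ("0.0.0.0/0", "10.0.0.1"),
]


def _match(field: str, value: str) -> bool:
    return field == "Any" or field == value


def policy_action(pkt: Packet) -> str:
    """First matching security rule wins; anything unmatched hits the (assumed) implicit drop."""
    for src, dst, services, action in POLICY:
        if _match(src, pkt.src) and _match(dst, pkt.dst) and pkt.service in services:
            return action
    return "drop"


def translate(pkt: Packet) -> Packet:
    """Apply the first matching NAT rule to an accepted packet."""
    for (o_src, o_dst, o_svc), (t_src, t_dst, t_svc) in NAT_RULES:
        if _match(o_src, pkt.src) and _match(o_dst, pkt.dst) and _match(o_svc, pkt.service):
            return Packet(
                src=pkt.src if t_src == "Orig" else t_src,
                dst=pkt.dst if t_dst == "Orig" else t_dst,
                service=pkt.service if t_svc == "Orig" else t_svc,
            )
    return pkt


def next_hop(dst: str) -> Optional[str]:
    """Longest-prefix-match lookup over ROUTES."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in ROUTES:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else None


def forward(pkt: Packet) -> Tuple[str, Optional[Packet], Optional[str]]:
    """The security rule is matched on the untranslated packet; routing uses the translated one."""
    action = policy_action(pkt)
    if action != "accept":
        return action, None, None
    translated = translate(pkt)
    return action, translated, next_hop(translated.dst)


def untranslate_reply(reply: Packet, original: Packet, translated: Packet) -> Packet:
    """Static NAT is bidirectional: the server's reply gets its source mapped back to the public IP."""
    if reply.src == translated.dst and reply.dst == original.src:
        return replace(reply, src=original.dst)
    return reply


if __name__ == "__main__":
    inbound = Packet("172.16.5.9", "172.16.30.20", "ftp")   # constructed external client
    print(forward(inbound))                                  # accept, dst becomes 10.0.0.4, on-link
    print(forward(Packet("172.16.5.9", "10.0.0.4", "ftp")))  # private address from outside: drop
```

The model makes the two halves of the setup visible: the security rule has to name the public address 172.16.30.20 because matching happens before translation, while the route lookup has to reach the private 10.0.0.4 because it happens after; a packet sent straight to 10.0.0.4 from outside matches no rule and is dropped.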

------------------------------

Date:    Mon, 19 Aug 2002 23:32:55 +0000
From:    Rodrigo Benzaquen <[email protected]>
Subject: Re: StoneBeat FullCluster 3.0 SP1 and OPSEC certification

Hi Frank,

I think I have the same problem that you have.

We already have FP2 with SBFC 3.0, with a lot of problems. Stonesoft is giving us no response, and neither is Checkpoint.

I will appreciate it if you can send me the problems that you are having, and maybe we can help each other.

Thanks
Rodrigo




------------------------------

Date:    Fri, 16 Aug 2002 15:05:46 -0400
From:    Bill <[email protected]>
Subject: Re: Nokia VRRP Monitored Circuit Question

Another easy way to view if vrrp is working.....

ifconfig -a

if a port -- for any reason good or bad -- believes it is the master, it will list the virtual ip address and the virtual mac address with the actual interface.

none of these methods --as far as i know -- will tell you directly if monitored circuit is configured correctly.  you will have to test each port in a failure scenario and use all the aforementioned methods to verify that the correct box and ports are now the vrrp master(s).

to fail ports you can either pull cables or use the nokia voyager to de-activate the logical layer for the duration of the test.  just be careful that you do not cut yourself off from the box.

good luck
bill

----- Original Message -----
From: "Brendan Laws" <[email protected]>
To: <[email protected]>
Sent: Friday, August 16, 2002 5:06 AM
Subject: Re: [FW-1] Nokia VRRP Monitored Circuit Question


> Your best bet is to click "Monitor" and not Config, then have a look
> at the VRRP stuff; it will tell you what interfaces are in Master or backup state.
>
> or via the console type the following
>
> box# iclid
> box> sh vrrp interfaces OR sh vrrp stat
>
> cheers
>
> Brendan
>
> -----Original Message-----
> From: usui [mailto:[email protected]]
> Sent: Fri 16/08/2002 10:46 AM
> To: [email protected]
> Cc:
> Subject: [FW-1] Nokia VRRP Monitored Circuit Question
>
>
>
> Hi All,
>
> I have a question regarding a Nokia VRRP with FireWall-1 FP2. If I
> configure Nokia VRRP correctly, is there some ways which I can confirm
> by Nokia Voyager that VRRP is working correctly ?
>
> On Voyager , When I click on config , Router Services (VRRP) , and
> VRRP Monitor at the bottom of the display, I can see "Flags on" there.
>
> What does "Flags on" stand for ?
> Does this mean VRRP is working correctly ?
>
> Any advice would be greatly appreciated !
>
> Thank you.
>
> usui
>
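A small check that automates what Bill describes, as an added example that is not from any post in this thread: it scans `ifconfig -a` output for interfaces that carry a VRRP virtual MAC. RFC 3768 fixes that address as 00:00:5e:00:01:VRID, so an interface listing such a MAC is the one currently acting as master for that VRID. The sample output embedded below is constructed in BSD ifconfig style and is not real IPSO output; the interface names, addresses and the hypothetical helper names are assumptions, and the awk patterns may need adjusting to your platform's exact format.

```shell
#!/bin/sh
# Added example (not code from the list posts): find VRRP master interfaces
# from `ifconfig -a` text. Per RFC 3768 the VRRP virtual MAC is
# 00:00:5e:00:01:<VRID>, and an interface that believes it is master
# lists that MAC alongside its real one.

# Constructed sample, BSD-style ifconfig output (not captured from a real box).
# eth-s1p1c0 holds the virtual IP 192.0.2.1 and virtual MAC for VRID 0x0a (10).
SAMPLE_IFCONFIG='eth-s1p1c0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.0.2.2 netmask 0xffffff00 broadcast 192.0.2.255
        inet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255
        ether 00:a0:8e:12:34:56
        ether 00:00:5e:00:01:0a
eth-s2p1c0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 198.51.100.2 netmask 0xffffff00 broadcast 198.51.100.255
        ether 00:a0:8e:12:34:57
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000'

# vrrp_masters (hypothetical helper): read ifconfig text on stdin and print
# "<iface> vrid=<n>" for every interface carrying a VRRP virtual MAC.
# Prints nothing when no interface on the box is master.
vrrp_masters() {
    awk '
        # Portable hex-to-decimal (no gawk strtonum needed).
        function hex2dec(h,   i, c, v) {
            v = 0
            for (i = 1; i <= length(h); i++) {
                c = tolower(substr(h, i, 1))
                v = v * 16 + index("0123456789abcdef", c) - 1
            }
            return v
        }
        # Interface header lines start in column 0; detail lines are indented.
        /^[A-Za-z]/ { iface = $1; sub(/:$/, "", iface) }
        # A link-layer line whose MAC is in the VRRP virtual range.
        tolower($1) == "ether" && tolower($2) ~ /^00:00:5e:00:01:[0-9a-f][0-9a-f]$/ {
            split(tolower($2), m, ":")
            printf "%s vrid=%d\n", iface, hex2dec(m[6])
        }
    '
}

# vrrp_is_master IFACE (hypothetical helper): exit 0 if IFACE, read from the
# ifconfig text on stdin, currently holds a VRRP virtual MAC; exit 1 otherwise.
# Useful as a pass/fail check while failing ports during a failover test.
vrrp_is_master() {
    vrrp_masters | awk -v want="$1" '$1 == want { found = 1 } END { exit !found }'
}

# On a live box you would run:  ifconfig -a | vrrp_masters
printf '%s\n' "$SAMPLE_IFCONFIG" | vrrp_masters
```

Run it before and after each port failure in the test scenario Bill outlines; the master set printed by `vrrp_masters` on each box should move exactly as the monitored-circuit configuration intends, and `vrrp_is_master` gives a scriptable yes/no for a single interface.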

------------------------------

Date:    Tue, 20 Aug 2002 00:30:42 -0400
From:    Bill <[email protected]>
Subject: Telnet Access to Nokia IP650 as a Checkpoint NG Enforcement Point

I am experiencing a weird problem and hope someone may have seen this before.

I have done a clean install of Checkpoint NG on an NT Server (Management) and a Nokia IP650 (enforcement point).  All licensing is OK, I can download policy, the status manager reports a "connected state", etc.

My problem is that when telnetting to the Nokia IP650, I get no activity at the telnet console, BUT

1)  the checkpoint logs indicate an accepted packet
2)  a "netstat -an" at the Nokia IP650 indicates an established telnet connection.
3)  a "netstat -an" at any PC I have telnetted from indicates an established telnet connection.
4)  I have tried this with MS command line telnet and hyperterminal and seen identical issues.

One last thing.  When the firewall software package is turned off (similar to uninstalling), then telnet.

I have not had a chance to sniff/tcpdump the problem yet.

Regards
Bill


------------------------------

End of FW-1-MAILINGLIST Digest - 18 Aug 2002 to 19 Aug 2002 (#2002-234)
***********************************************************************