[FW-1] unsubscribe
-----Original Message-----
There are 36 messages totalling 3066 lines in this issue. Topics of the day: 1. Problems with E-mail ( TOO MUCH MAIL DATA)
=================================================
---------------------------------------------------------------------- Date: Mon, 19 Aug 2002 09:29:42 +0200
hi, check the smtp-properties of your firewall-object (not the global
walter nordmann, cards germany -----Original Message-----
Hi Friend: Someone have problem with the SMTP resources?
Best Regards Oscar
------------------------------ Date: Mon, 19 Aug 2002 10:13:06 +0200
Hi, on w2k you better disable the automatic start of securemote under services. If you set the starttype of securemote watchdog and securemote itself to "manual", you can later start it with the command "net start .....". best regards fitz, CCSA/CCSE ----- Original Message -----
> Hello,
------------------------------ Date: Mon, 19 Aug 2002 12:18:38 +0200
Hi,
------------------------------ Date: Mon, 19 Aug 2002 20:43:17 +1000
Hi, could someone tell me if it is possible for a Sec
------------------------------ Date: Mon, 19 Aug 2002 20:44:34 +1000
thank you to all those who replied to this would appe
------------------------------ Date: Mon, 19 Aug 2002 14:58:05 +0300
Hi, StoneBeat FullCluster 3.0 SP1 for Check Point FW-1 NG FP2 was submitted for OPSEC certification at the beginning of July. We are waiting Check Point's acceptance for the certification for Windows 2000 platform during week 34. OPSEC certification for Solaris platform will follow in near future. StoneBeat FullCluster 3.0 SP1 fully supports Check Point FW-1 NG FP2 already. Latest released StoneBeat FullCluster versions (15.8.2002): - StoneBeat FullCluster 3.0 SP1 for Linux
Please download the latest software versions and release notes from Stonesoft Web site: http://www.stonesoft.com/download/ Regards, Tomi Kononow
Date: Fri, 16 Aug 2002 01:28:47 -0700
Sorry for the late interrupt,
------------------------------ Date: Mon, 19 Aug 2002 08:22:29 -0400
Hi lads, Once again I come to you seeking for help. Before I had a Check Point FW1 NG FP2 with many gateway-to-gateway VPNs configured. In FP1 there was no "if via" column in the rule base (for those of you who've already seen FP2), to configure a VPN you just go to the firewall object, VPN tab and set the preshared secret for it, then in the rulebase's action you set "encrypt". Now, FP2 handles VPNs differently: you must set communities and add firewall objects to those communities. The question is that I don't know where to edit the preshared secret. In the firewall object's VPN tab all you can set is the community that firewall belongs to. Can anybody help me on that one... Thanks a lot. Leonardo Boulton Network Security Engineer
------------------------------ Date: Mon, 19 Aug 2002 08:23:24 -0400
It is not possible.... you must configure that directly from the policy editor. -----Original message-----
To: [email protected]
Hi, could someone tell me if it is possible for a SecureRemote user to change their logon passwords from the client. they are authenticating to the firewall via fw-1/vpn-1 password. is it possible for the client to change their password, if so what method of authentication is needed? thanks Brendan ------------------------------ Date: Mon, 19 Aug 2002 09:25:08 -0400
In the August issue of information security magazine, they have a great article on Instant messaging. Unfortunately they didn't tell me anything new :( I have been trying to block IM off and on...but this article re-energized me. Here are the steps I have taken so far in an attempt to block AOL's AIM

Currently Blocking:
5190 tcp/udp
4443 tcp/udp
All traffic to login.oscar.aol.com (which is 64.12.x.x)

I've tried these rules:
Internal network login.oscar.aol.com tcp/udp 53 tcp/udp 4443 tcp 5190 http/s drop long
*Nice...it's using the DNS port, this thing is like a Trojan, it will actually scan for open ports
Internal Network login.oscar.aol.com ANY drop long

What am I missing? Is there any reason a reverse rule is needed?
Any info is appreciated,
-AD
------------------------------ Date: Mon, 19 Aug 2002 15:22:42 +0200
Hello Does anybody have a guide how to tune a solaris 8 box with FW-1 NG? Regards MArtin __________________________________http://www.clounet.ch Martin Christen
Phone: +41(0)31 950 55 83 ClouNet AG
------------------------------ Date: Mon, 19 Aug 2002 09:28:52 -0400
IKE Settings. Regards -----Original message-----
Hi lads, Once again I come to you seeking for help. Before I had a Check Point FW1 NG FP2 with many gateway-to-gateway VPNs configured. In FP1 there was no "if via" column in the rule base (for those of you who've already seen FP2), to configure a VPN you just go to the firewall object, VPN tab and set the preshared secret for it, then in the rulebase's action you set "encrypt". Now, FP2 handles VPNs differently: you must set communities and add firewall objects to those communities. The question is that I don't know where to edit the preshared secret. In the firewall object's VPN tab all you can set is the community that firewall belongs to. Can anybody help me on that one... Thanks a lot. Leonardo Boulton Network Security Engineer
=================================================
------------------------------ Date: Mon, 19 Aug 2002 14:50:08 +0100
Pre-shared secret: Open up your firewall object
Julian
Hi lads, Once again I come to you seeking for help. Before I had a Check Point FW1 NG FP2 with many gateway-to-gateway VPNs configured. In FP1 there was no "if via" column in the rule base (for those of you who've already seen FP2), to configure a VPN you just go to the firewall object, VPN tab and set the preshared secret for it, then in the rulebase's action you set "encrypt". Now, FP2 handles VPNs differently: you must set communities and add firewall objects to those communities. The question is that I don't know where to edit the preshared secret. In the firewall object's VPN tab all you can set is the community that firewall belongs to. Can anybody help me on that one... Thanks a lot. Leonardo Boulton Network Security Engineer
=================================================
------------------------------ Date: Mon, 19 Aug 2002 07:05:56 -0700
Stephen; I am obviously interested in your comparison. Do you have some technical details you would like to share? Thanks -----Original Message-----
Trust me on this one the best is NOT websense or surfcontrol. The best is www.N2H2.com or 8e6 (xstop) www.8e6.com. I have just finished testing this and n2h2 and 8e6 came out on top. stephen ----- Original Message -----
> Can anyone recommend URL filtering software for 4.1 or NG or just in
=================================================
------------------------------ Date: Mon, 19 Aug 2002 16:02:18 +0200
I wrote last week about securemote failing for about half of our employees. We could see packets from the failing connections entering the firewall, but not leaving any of the interfaces. No drops could be found in the log viewer. A laptop that functioned at my house (over DSL) would not function on a dialup connection. The problem was eventually traced to the IP NAT Pool being full. It appears that the NAT associations never time out! The employees that were still working were on static addresses at their homes, and their associations in the table allowed them to continue functioning. Those coming in on dynamic addresses (like my laptop on dialup) were refused, as no new associations could be made. We temporarily solved this problem by deleting all entries in the pool. I need a more permanent solution, i.e. why don't the entries time out? Any ideas? Interesting experiment was to purge the pool while the dialled in laptop ran ping -t to an internal machine. Two packets were missed, but it then started right back up again. This being the case I am considering cron'ing the command to empty the pool to run each night at 2AM or something. Any comments on this approach? Thanks! Jeff LaCoursiere
------------------------------ Date: Mon, 19 Aug 2002 22:38:43 +0800
Hi! I have a lab wherein I am simulating the setup below: Objective: Let external IPs (172.16.0.0/16) connect to the Internet services on the 10.0.0.0/8 network FTP/SMTP/HTTP [10.0.0.4] --------- [10.0.0.1] FW-1 SP1 [172.16.3.20/172.16.30.20] -------------- External The 10.0.0.4 hosts the internet services, and its gateway is 10.0.0.1. Two valid (logically) IP addresses are bound that will act as external IP addresses (FW-1 has only 1 NIC and I did an IP aliasing to simulate multiple NICs. I did the following already on the Policy: SOURCE DESTINATION SERVICE ACTION
For the NAT, I have these: [ORIGINAL PACKET] [TRANSLATED PACKET]
I also retrieved the MAC address of the NIC of the FW-1 and added it on the local.arp and installed the policy. On the article from PhoneBoy, it mentioned the IP spoofing configuration. I am not familiar with the said configuration? After following the steps (except for the IP spoofing), it still doesn't work. According to the log, the traffic from the external is being accepted by 172.16.30.20, but that's it; there's no indication that the traffic is being forwarded or translated to 10.0.0.4; but the FTP traffic is being accepted by 172.16.30.20. I also have this route on my routing table (NT4.0): Network Destination Netmask Gateway Interface Metric
Am I missing something? Any feedback is highly appreciated. Thanks,
------------------------------ Date: Mon, 19 Aug 2002 08:13:54 -0700
So would the alternative be to setup a RADIUS service
k
===== K a r l i . . . (c)2002
------------------------------ Date: Mon, 19 Aug 2002 11:55:39 -0400
Your second rule: Internal Network login.oscar.aol.com ANY drop long is how we have blocked AIM here where login.oscar.aol.com is the network range of 205.188.7.0. That has worked great for us. Your network of 64.12.x.x may be what you need to use. Sometimes the ranges are location specific. The location of the rule in the rulebase is also important - closer to the top. Cheers, Chris -----Original Message-----
In the August issue of information security magazine, they have a great article on Instant messaging. Unfortunately they didn't tell me anything new :( I have been trying to block IM off and on...but this article re-energized me. Here are the steps I have taken so far in an attempt to block AOL's AIM Currently Blocking: 5190 tcp/udp 4443 tcp/udp All traffic to login.oscar.aol.com (which is 64.12.x.x) I've tried these rules: Internal network login.oscar.aol.com tcp/udp 53 tcp/udp 4443 tcp 5190 http/s drop long
*Nice...it's using the DNS port, this thing is like a Trojan, it will actually scan for open ports Internal Network login.oscar.aol.com ANY drop long What am I missing? Is there any reason a reverse rule is needed? Any info is appreciated, -AD
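The two points in the reply above (where the drop rule sits in the rulebase, and which range the login.oscar.aol.com object covers) can be checked with a small first-match model. This is an added example, not part of the original post and not Check Point code; it assumes top-down first-match evaluation, and the /24 and /16 masks, the 10.0.0.0/8 internal network and the sample flows are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    src: Tuple                        # source networks
    dst: Tuple                        # destination networks
    ports: Optional[FrozenSet[int]]   # None means ANY service
    action: str                       # "accept" or "drop"


def rule(name, src, dst, ports, action):
    """Build a Rule from CIDR strings and an iterable of ports (None = ANY)."""
    return Rule(name,
                tuple(ip_network(n) for n in src),
                tuple(ip_network(n) for n in dst),
                None if ports is None else frozenset(ports),
                action)


def first_match(rules, src, dst, port):
    """Return (position, rule name, action) of the first rule matching a flow."""
    s, d = ip_address(src), ip_address(dst)
    for pos, r in enumerate(rules, start=1):
        if (any(s in n for n in r.src) and any(d in n for n in r.dst)
                and (r.ports is None or port in r.ports)):
            return pos, r.name, r.action
    return None, "cleanup", "drop"    # assumption: a final drop-all rule


def _covers(earlier, later):
    """True if every flow matching `later` also matches `earlier`."""
    def nets(outer, inner):
        return all(any(i.subnet_of(o) for o in outer) for i in inner)
    ports = earlier.ports is None or (
        later.ports is not None and later.ports <= earlier.ports)
    return nets(earlier.src, later.src) and nets(earlier.dst, later.dst) and ports


def shadowed(rules):
    """List (rule, shadowing rule) pairs: rules that can never be reached.

    Conservative check: only reports a rule fully covered by ONE earlier rule.
    """
    out = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if _covers(earlier, later):
                out.append((later.name, earlier.name))
                break
    return out


def leaks(rules, flows):
    """Flows from the watch list that the rulebase still accepts."""
    return [f for f in flows if first_match(rules, *f)[2] == "accept"]


# Constructed sample data (not from the thread except the two range prefixes).
INTERNAL = ["10.0.0.0/8"]
OUTBOUND = rule("outbound", INTERNAL, ["0.0.0.0/0"], None, "accept")
BLOCK_ONE_RANGE = rule("block-aim", INTERNAL, ["205.188.7.0/24"], None, "drop")
BLOCK_BOTH = rule("block-aim", INTERNAL,
                  ["205.188.7.0/24", "64.12.0.0/16"], None, "drop")

BELOW = [OUTBOUND, BLOCK_ONE_RANGE]       # drop rule under the broad accept
ON_TOP = [BLOCK_ONE_RANGE, OUTBOUND]      # drop rule first, one range only
ON_TOP_BOTH = [BLOCK_BOTH, OUTBOUND]      # drop rule first, both ranges

# Client logins to each range; the second uses port 53 as the poster observed.
AIM_FLOWS = [("10.1.2.3", "205.188.7.10", 5190),
             ("10.1.2.3", "64.12.161.153", 53)]

if __name__ == "__main__":
    for label, rb in (("below", BELOW), ("on top", ON_TOP),
                      ("on top, both ranges", ON_TOP_BOTH)):
        print(label, "shadowed:", shadowed(rb), "leaks:", leaks(rb, AIM_FLOWS))
```
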
------------------------------ Date: Mon, 19 Aug 2002 18:57:16 +0300
Yes. You can't change fw1-1/vpn-1 password, but if you use radius with AD, you can use IIS web based tool to change Domain password which checkpoint uses jani -----Original Message-----
It is not possible.... you must configure that directly from the policy editor. -----Original message-----
To: [email protected]
Hi, could someone tell me if it is possible for a SecureRemote user to change their logon passwords from the client. they are authenticating to the firewall via fw-1/vpn-1 password. is it possible for the client to change their password, if so what method of authentication is needed? thanks Brendan =================================================
------------------------------ Date: Mon, 19 Aug 2002 12:29:58 -0400
(F/W: 4.1 sp4)

In the August issue of information security magazine, they have a great article on Instant messaging. Unfortunately they didn't tell me anything new :( I have been trying to block IM off and on...but this article re-energized me. Here are the steps I have taken so far in an attempt to block AOL's AIM

Currently Blocking:
5190 tcp/udp
4443 tcp/udp
All traffic to login.oscar.aol.com (which is 64.12.x.x)

I've tried these rules:
Internal network login.oscar.aol.com tcp/udp 53 tcp/udp 4443 tcp 5190 http/s drop long
*Nice...it's using the DNS port, this thing is like a Trojan, it will actually scan for open ports
Internal Network login.oscar.aol.com ANY drop long

What am I missing? Is there any reason a reverse rule is needed?
Any info is appreciated,
-AD
------------------------------ Date: Mon, 19 Aug 2002 12:27:42 -0400
Everyone,
This has been an ongoing issue at my centre, and I suggest checking the log-in schemes every six months or so. Opening up the ports for "" in as yourself, and watch the firewall/gateway logs. Instant Messenger applications have been known to move servers or change IP addresses to thwart people like us trying to block these applications. Also, watch for "" based interfaces to the Instant Messenger applications. If there is a way around a system, people will find it! i.e., www.icq.com/icqwebbie
Rob [Robert Woods]
Sent: Monday, August 19, 2002 9:25 AM
In the August issue of information security magazine, they have a great article on Instant messaging. Unfortunately they didn't tell me anything new :( I have been trying to block IM off and on...but this article re-energized me. Here are the steps I have taken so far in an attempt to block AOL's AIM Currently Blocking: 5190 tcp/udp 4443 tcp/udp All traffic to login.oscar.aol.com (which is 64.12.x.x)
I've tried these rules: Internal network login.oscar.aol.com tcp/udp 53 tcp/udp 4443 tcp 5190 http/s drop long
*Nice...it's using the DNS port, this thing is like a Trojan, it will actually scan for open ports Internal Network login.oscar.aol.com ANY drop long What am I missing? Is there any reason a reverse rule is needed? Any info is appreciated, -AD
------------------------------ Date: Mon, 19 Aug 2002 10:44:42 -0600
This is a multi-part message in MIME format. ------=_NextPart_000_00DB_01C2476D.6CD2B1F0
Hello,
Carmen
Hello Does anybody have a guide how to tune a solaris 8 box with FW-1 NG? Regards MArtin __________________________________http://www.clounet.ch Martin Christen
Phone: +41(0)31 950 55 83 ClouNet AG
Hello, go to http://www.enteract.com/~lspitz/armoring.html
------------------------------ Date: Mon, 19 Aug 2002 17:52:14 +0100
You can use the CP FW-1 management GUI to manage CP SmallOffice - I have set this up before. -----Original Message-----
Is it possible to use the GUI management clients that are normally used for CP FW-1 Small Office? I can use the web management https://192.168.1.1 and the proper login, but using the GUI clients I get a "connection cannot be initiated. Makesure that server 192.168.1.1 is up and running." Any ideas? Also, using the web interface, it lets you define 5 TCP/UDP ports to allow to lan, dmz, or internet. Is it possible to allow more than five? If so, how? Thanks guys!
=================================================
**********************************************************************
This footnote also confirms that this email message has been swept by Dimension Data mail system for the presence of computer viruses. www.uk.didata.com
------------------------------ Date: Mon, 19 Aug 2002 17:54:22 +0100
You remove licenses with cplic del (signature) NOT certificate key. Signature is viewable with a cplic -k. Regards, Tim -----Original Message-----
Hi Jim, When I search my reg db on my Mgmt server the only place I find CPVP-VSO-1-3DES-MGMT-V41 is under HKEY_CURRENT_USER\Software\Microsoft\Internet Explore..... and I don't think that is the place CP saves the license. But thank you for your input. Best Regards, Ole Jakobsen jim parker <[email protected]>
02-08-2002 20:06
interesting, i know the licenses for 4.1 on win32 are held in the registry, so try doing a search look for "CPVP-VSO-1-3DES-MGMT-V41", then delete it from the registry? I'm assuming you know how to edit the registry and as such are aware of the possible implications... just covering my own arse there... :) -----Original Message-----
Hi all, I have a problem with a license that I can't delete from my NG FP2 management server. The problem is that I added the license to an IP71 running 4.1 before I installed 4.1 Backward Compatibility on my mgmt server. I constantly get the message "Warning: Can't find ::CPVP-VSO-1-3DES-MGMT-V41 in cp.macro. License version might be not compatible". When I try to remove the license with cplic del I get:

C:\>cplic del IP71 CK-XXXXXXXXXXXX
Warning: Can't find ::CPVP-VSO-1-3DES-MGMT-V41 in cp.macro. License version might be not compatible
Operation Failed. License not found in database.
C:\>

What am I doing wrong? Am I right when I say that you have to install 4.1 Backward Compatibility before you can add 4.1 products? Best Regards, Ole Jakobsen =================================================
------------------------------ Date: Mon, 19 Aug 2002 17:59:50 +0100
Make sure you haven't any policy objects with the words 'firewall' in them... -----Original Message-----
Hello all, I've a problem while migrating to FP2. When I set it up on an isolated network, everything goes ok. When I plug it into the live network, the fw functions ok, but trying to use the policy editor ends with a "please verify that fwm is running". FWM seems to crash with an "Illegal Operation" when launched by hand. Any idea/similar case? We're using (or trying) FW-1 NG FP2 on solaris8, with MPU license, unlimited IP. JF --
=================================================
------------------------------ Date: Mon, 19 Aug 2002 17:59:02 +0100
Have you got the right license installed?
-----Original Message-----
Hi, good morning. Recently, I moved my firewall from one machine to another, I backed up my conf directory and copied that directory to my new installation. Everything works fine! I have all my old objects, rules, etc. The only thing that does not work is one VPN!!! Is there something else besides the conf directory that has to be copied in order to have the VPN working again? I have seen that in my old server I have two processes running that I do not have in the new one, the name of these processes are ISAKMPD and MDQ, what are they? and why are they not running in my new server? Is this a reason why the VPN is not working? As always thank you very much =================================================
------------------------------ Date: Mon, 19 Aug 2002 14:16:21 -0400
I will be out of the office starting 08/19/2002 and will not return until 08/24/2002. I will respond to your message when I return. ------------------------------ Date: Mon, 19 Aug 2002 14:39:47 -0400
Is not that easy... when you add the firewall object to a Community, the VPN in the left panel that you say changes... Someone at Check Point said that you can only use certificates, no longer preshared secret with FP2... FP3 will support preshared secrets.... L. -----Original Message-----
To: [email protected]
Pre-shared secret: Open up your firewall object
Julian
Hi lads, Once again I come to you seeking help. Before I had a Check Point FW1 NG FP2 with many gateway-to-gateway VPNs configured. In FP1 there was no "if via" column in the rule base (for those of you who've already seen FP2), to configure a VPN you just go to the firewall object, VPN tab and set the preshared secret for it, then in the rulebase's action you set "encrypt". Now, FP2 handles VPNs differently: you must set communities and add firewall objects to those communities. The question is that I don't know where to edit the preshared secret. In the firewall object's VPN tab all you can set is the community that firewall belongs to. Can anybody help me on that one... Thanks a lot. Leonardo Boulton Network Security Engineer
=================================================
------------------------------ Date: Mon, 19 Aug 2002 15:16:01 -0400
How is it that every time I have ever done an upgrade to a CheckPoint product, I always get screwed over by some stupid licensing problem? And it always includes SecuRemote, which I'm told is free, yet requires you to jump up and down 18 times, look towards the sun, howl like a wolf, and eat a witches broth before you can get the license string straightened out. If I'm supposed to be able to use SecuRemote without any extra money, why doesn't it just WORK? It's really too bad there aren't other products as good as this one, because the hassles with the licensing make it barely worth it. -Rick, waiting on his vendor to provide a useful certificate key for SecuRemote for NG so that the new upgraded firewall actually works all the way. ------------------------------ Date: Mon, 19 Aug 2002 15:31:58 -0400
Anyone know the specifics of what the "Update Site" button does in the Secure Remote/Secure Client? It is difficult to find any good documentation on this. I have heard that it downloads the userc.c file, but is it doing anything else?? The question has come up about this also providing some "synchronization" for clients that use SecureID. I have looked for a while now, and I'm hoping someone knows. Thanks ------------------------------ Date: Mon, 19 Aug 2002 15:09:26 -0500
I seemed to have developed the same problem in the last couple of months. I haven't been able to figure out what has caused it. If anyone knows how to resolve this issue, please let me know as well. Thank you, Paul Orr ------------------------------ Date: Mon, 19 Aug 2002 15:50:38 -0500
Update site causes userc.C to be reread and recreated. In general, this is not frequently used.
greg Carric Dooley wrote:
------------------------------ Date: Mon, 19 Aug 2002 16:55:26 -0400
Tomi, That's wonderful, but when will your support staff be able to help with issues regarding Stonebeat and NG? We have many open tickets with your organization and absolutely no resolution. I guess I would summarize this by saying from my perspective, the lights are on and nobody's home at Stonesoft. =======================================
-----Original Message-----
Hi, StoneBeat FullCluster 3.0 SP1 for Check Point FW-1 NG FP2 was submitted for OPSEC certification at the beginning of July. We are waiting Check Point's acceptance for the certification for Windows 2000 platform during week 34. OPSEC certification for Solaris platform will follow in near future. StoneBeat FullCluster 3.0 SP1 fully supports Check Point FW-1 NG FP2 already. Latest released StoneBeat FullCluster versions (15.8.2002): - StoneBeat FullCluster 3.0 SP1 for Linux
Please download the latest software versions and release notes from Stonesoft Web site: http://www.stonesoft.com/download/ Regards, Tomi Kononow
Date: Fri, 16 Aug 2002 01:28:47 -0700
Sorry for the late interrupt,
=================================================
------------------------------ Date: Tue, 20 Aug 2002 07:25:53 +0800
hahahahahaah... so you send messages here too :-D -----Original Message-----
Hi! I have a lab wherein I am simulating the setup below:
Objective: Let external IPs (172.16.0.0/16) connect to the Internet services on the 10.0.0.0/8 network
FTP/SMTP/HTTP [10.0.0.4] --------- [10.0.0.1] FW-1 SP1 [172.16.3.20/172.16.30.20] -------------- External
The 10.0.0.4 hosts the internet services, and its gateway is 10.0.0.1. Two valid (logically) IP addresses are bound that will act as external IP addresses (FW-1 has only 1 NIC and I did an IP aliasing to simulate multiple NICs). I did the following already on the Policy: SOURCE DESTINATION SERVICE ACTION
For the NAT, I have these: [ORIGINAL PACKET] [TRANSLATED PACKET]
I also retrieved the MAC address of the NIC of the FW-1 and added it on the local.arp and installed the policy. On the article from PhoneBoy, it mentioned the IP spoofing configuration. I am not familiar with the said configuration? After following the steps (except for the IP spoofing), it still doesn't work. According to the log, the traffic from the external is being accepted by 172.16.30.20, but that's it; there's no indication that the traffic is being forwarded or translated to 10.0.0.4; but the FTP traffic is being accepted by 172.16.30.20. I also have this route on my routing table (NT4.0): Network Destination Netmask Gateway Interface Metric
Am I missing something? Any feedback is highly appreciated. Thanks,
=================================================
------------------------------ Date: Mon, 19 Aug 2002 23:32:55 +0000
Hi Frank, I think I'm in the same problem that you are. We already have FP2 with SBFC 3.0 with a lot of problems. Stonesoft is giving us no response and also checkpoint. I will appreciate if you can send me the problems that you are having and maybe we can help each other. Thanks
>-- Original Message --
------------------------------ Date: Fri, 16 Aug 2002 15:05:46 -0400
Another easy way to view if vrrp is working..... ifconfig -a if a port -- for any reason good or bad -- believes it is the master, it will list the virtual ip address and the virtual mac address with the actual interface. none of these methods --as far as i know -- will tell you directly if monitored circuit is configured correctly. you will have to test each port in a failure scenario and use all the aforementioned methods to verify that the correct box and ports are now the vrrp master(s). to fail ports you can either pull cables or use the nokia voyager to de-activate the logical layer for the duration of the test. just be careful that you do not cut yourself off from the box. good luck
----- Original Message -----
> Your best bet is to click "Monitor" and not Config, then have a look
------------------------------ Date: Tue, 20 Aug 2002 00:30:42 -0400
I am experiencing a weird problem and hope someone may have seen this before.

I have done a clean install of Checkpoint NG on an NT Server (Management) and a Nokia IP650 (enforcement point). All licensing is OK, I can download policy, the status manager reports a "connected state", etc.

My problem is that when telnetting to the Nokia IP650, I get no activity at the telnet console, BUT

1) the checkpoint logs indicate an accepted packet
2) a "netstat -an" at the Nokia IP650 indicates an established telnet connection.
3) a "netstat -an" at any PC I have telnetted from indicates an established telnet connection.
4) I have tried this with MS command line telnet and hyperterminal and seen identical issues.

One last thing. When the firewall software package is turned off (similar to uninstalling), then telnet.

I have not had a chance to sniff/tcpdump the problem yet.

Regards
Bill
------------------------------ End of FW-1-MAILINGLIST Digest - 18 Aug 2002 to 19 Aug 2002 (#2002-234)