Firewall-1

Re: [FW-1] Log server

Subject: Re: [FW-1] Log server
From: Chris Hoff <choff AT CORNERSTONESECURITY DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Mon, 24 May 2004 09:23:18 -0500

Bill,

First of all, what version of Check Point are you running? I assume you
are probably running NG FP3 or greater. Also, how are you doing NAT for
the mgmt station? If you are doing manual NAT, you will probably want to
change that to Automatic NAT on the mgmt Station. In the NAT tab you
will notice there is a check box to "Apply for VPN-1 & FireWall-1
Control Connections." You will want to use this check box to eliminate
your problem.

Regards,

Chris

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Harmon,
Bill
Sent: Monday, May 24, 2004 8:05 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] Log server

Good Morning,

I am having an issue with my implementation that I am hoping someone
else has seen/worked around.



I have 3 sites, site 1 is a Nokia IP350 VRRP site with 2 appliances. My
management station is behind this site. My other 2 sites are single
IP350.



I have a static NAT address set up for the management station. The issue
is that if I have the private IP address of the management station on
the general tab of the management station object, only the site 1
servers send logs. If I use the public IP on the general tab, only the
remote servers report their logs to the management station.



I can do a TCPdump and see that the enforcement modules are trying to
send to the IP address that is assigned on the general tab. I have a
host file setup on each Nokia with the private IP of the management
station on site 1 modules and the public IP on the remote modules.



Is there a way to force the modules to use the host file for address
translation instead of the rulebase objects?



Thanks



Bill Harmon

NSI Software Network Administrator




=================================================
To set vacation, Out-Of-Office, or away messages, send an email to
LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options,
email fw-1-owner AT ts.checkpoint DOT com
=================================================
