I just got off the phone with Check Point for the same problem (except
we are using IP40s). This is a known issue with all the sofaboxes, and
there is supposed to be a new version of the firmware coming out on
Monday to address it. The issue I am going to have is the firmware will
have to go through Nokia's Q&A before being released, so I will not be
able to apply it until who knows when.
Ray - is there a reason that the Star community presents a problem for
you? I do know for a fact that is the answer if you are wanting to route
all internet traffic through the Corporate Office (CO). The one thing
you are going to have to make sure you address is routing issues once
the packet leaves the CO headed to the internet (probably have to NAT
outgoing connections from the remote offices).
Chris
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Ray
Sent: Thursday, June 24, 2004 10:07 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Edge setup - getting close!
Yeah, I saw some of that also until I got it managed by the SmartCenter
server. I'm going to add its encryption domain to our network monitoring
system and ping it every minute to get a better feel for what's going
on.
I was seeing continuous traffic flow from the Edge encryption domain but
the reverse was what was intermittent. Oddly, one of my internal subnets
could ping it all the time but a couple others couldn't do it and I was
seeing a "no valid SA" message in the log from those subnets.
In other words, some subnets were two-way and others were one-way, from
the Edge to them but not back.
What firmware version are you on?
Ray
>From: Stala <stala AT TAMPABAY.RR DOT COM>
>Reply-To: Mailing list for discussion of Firewall-1
><FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
>To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
>Subject: Re: [FW-1] Edge setup - getting close!
>Date: Thu, 24 Jun 2004 20:57:44 -0400
>
>I keep getting a problem with the encryption domain going away, the
>tunnel is still up but no traffic will flow and then for no reason at
>all the traffic starts flowing again. Lots more testing will need to be
>done....
>----- Original Message -----
>From: "Ray" <sixsigma44 AT HOTMAIL DOT COM>
>To: <FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
>Sent: Thursday, June 24, 2004 4:50 PM
>Subject: Re: [FW-1] Edge setup - getting close!
>
>
>Nothing personal, Chris, but I hope that's wrong... :-)
>
>Although I was leaning as to that being the answer. <sigh>
>
>Ray
>
>
> >From: Chris Hoff <choff AT CORNERSTONESECURITY DOT COM>
> >Reply-To: Mailing list for discussion of Firewall-1
> ><FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
> >To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> >Subject: Re: [FW-1] Edge setup - getting close!
> >Date: Thu, 24 Jun 2004 10:51:59 -0500
> >
> >In order to route all traffic through the vpn, you have to be using a
> >star community and check the radio button to route all traffic
> >through the hub.
> >
> >Regards,
> >
> >Chris
> >
> >-----Original Message-----
> >From: Mailing list for discussion of Firewall-1
> >[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Ray
> >Sent: Wednesday, June 23, 2004 10:05 PM
> >To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> >Subject: Re: [FW-1] Edge setup - getting close!
> >
> >Turns out it is, although not as fast as I thought it would. It's not
> >logging traffic coming in via the VPN, just stuff trying to go to
> >targets outside of the primary gateway VPN Domain, which it is showing
> >as "accept" and not "encrypt".
> >
> >So I'm back to my original quandary of how to make it route everything
> >down the VPN. Is this just not possible in a mesh VPN or could it be
> >done with a static route somehow?
> >
> >I dunno...
> >
> >Ray
> >
> > >From: Ray <sixsigma44 AT HOTMAIL DOT COM>
> > >Reply-To: Mailing list for discussion of Firewall-1
> > ><FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
> > >To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> > >Subject: [FW-1] Edge setup - getting close!
> > >Date: Wed, 23 Jun 2004 19:49:29 -0400
> >
> > >Second problem: How do I get the Edge box to send its logs to the
> > >SmartCenter server? I can't see that it's doing that.
> >
> >=================================================
> >To set vacation, Out-Of-Office, or away messages, send an email to
> >LISTSERV AT amadeus.us.checkpoint DOT com
> >in the BODY of the email add:
> >set fw-1-mailinglist nomail
> >=================================================
> >To unsubscribe from this mailing list, please see the instructions at
> >http://www.checkpoint.com/services/mailing.html
> >=================================================
> >If you have any questions on how to change your subscription options,
> >email fw-1-owner AT ts.checkpoint DOT com
> >=================================================
>