I've also seen this kind of problem between two Nokias running
CheckPoint. I think it was 3.8.1 009 or something. The vpn SAs would
lose sync and using vpn tu to throw away the SAs fixed it.
Try upgrading the Check Point to the newest HFA and if the platform is
Nokia, definitely upgrade that image.
Date: Fri, 26 May 2006 13:48:19 +0300
From: Chontzopoulos Dimitris <dchontzo AT ABC DOT GR>
Subject: [FW1] Strange problem with Site-to-Site VPN
Hey Gurus,
I've been having one extremely strange problem with a Site-to-Site VPN.
The VPN is being established via a Leased-Line (not over the Internet)
between our Firewall (Check Point Firewall-1/VPN-1 R55W AI) and a CiSCO VPN
Concentrator 3000 on the Client Side. What happens is that if the line between
us goes down for a reason, our side fails to identify that, so, it keeps
encrypting the data without re-negotiating for new keys. The only way for the
VPN to be re-established is to manually clear my keys through "vpn tu" and then
send them some traffic. After that, the VPN goes up again.
Now, I've never seen this happen before and I've got no problems at all with
the rest of my remaining 40+ Site-to-Site VPN's with other Clients through the
Internet. This issue only happens with them. I also have 2 additional VPN's
with other CiSCO VPN Concentrator(s) 3000 without any problems.
Has anyone seen this before? Is there something I can do?
Cheers,
Dimitris
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
------------------------------
Date: Fri, 26 May 2006 04:10:53 -0700
From: cisco4ng <cisco4ng AT YAHOO DOT COM>
Subject: Re: [FW1] Strange problem with Site-to-Site VPN
1) Make sure you run the latest code on the VPN concentrator.
2) Make sure you enable "isakmp keepalive" on the concentrator.
Yes, I've seen this issue many times. It is called a VPN interoperability
issue between vendors.
------------------------------
Date: Fri, 26 May 2006 08:06:09 -0400
From: Ramki Security <ramki.security AT GMAIL DOT COM>
Subject: Re: mac address
Checkpoint, being an IP firewall, doesn't work on MAC addresses. Hence I
don't think there is a way to do this. By the way, why do you want to do this?
Ramki
CCNA, CCSE-NGAI
Roberto González Sagredo wrote:
> Hi,
>
> I would like to know if it is possible to create objects in Firewall-1 VPN
> Pro based on its MAC address instead of its IP number.
>
> Regards
>
> ___________________________________
> Roberto González Sagredo
> Director of Systems
> mailto:rgonzalez AT comunet DOT es
>
> ComuNET S.A.
> Gral. Concha 39,6º
> 48012 Bilbao España
> Tel: +34 944 700 101
> Fax: +34 944 700 185
> http://www.comunet.es
> ___________________________________
------------------------------
Date: Fri, 26 May 2006 15:52:39 +0300
From: Chontzopoulos Dimitris <dchontzo AT ABC DOT GR>
Subject: Re: [FW1] Strange problem with Site-to-Site VPN
Well, the client who is using the PIX has "ISAKMP Keepalive" enabled but I
don't know whether or not they're running the latest firmware.
The thing is that the client is able to bring the VPN up-and-running by
pinging one of my hosts, but, this is not the case for me. It seems as if the
VPN Concentrator realizes whether or not the in-between link has gone down so
as to request for a key re-negotiation when the link comes up-and-running
again, as opposed to my Check Point Firewall that when the link comes back on
again, it tries to use the same keys as before and the VPN fails... This is the
crazy thing about it...
------------------------------
Date: Fri, 26 May 2006 05:59:20 -0700
From: cisco4ng <cisco4ng AT YAHOO DOT COM>
Subject: Urgent help: Changing SmartDashboard from using tcp port 18190 to
something else
Hi Guys,
Is it possible to change the TCP port of the GUI in the Provider-1 MDG or
SmartDashboard and Tracker to use another tcp port instead of the default
tcp 18190 port (CPMI)? Is there something in the registry settings in the
windows that the GUI runs on that I can do to make it happen?
The reason I want to do it is my Provider-1 sits behind a Cisco router and
I am doing redirect on the router to get to my Provider-1 via MDG. The
MDG works fine but I can not redirect the same port twice on the Cisco router
or Cisco Pix for that matter. With Windows Remote desktop I can redirect
port 3390 to tcp 3389 by typing the command 129.174.1.13:3390.
Is it possible with either MDG or SmartDashboard? Thanks a lot for your help.
cisco4ng
------------------------------
Date: Fri, 26 May 2006 07:20:44 -0700
From: cisco4ng <cisco4ng AT YAHOO DOT COM>
Subject: Re: [FW1] Strange problem with Site-to-Site VPN
Are you talking about Pix or Concentrator? You can also enable isakmp keepalive
on the concentrator via either the CLI or GUI.
The key is to make sure that the concentrator firmware is up-to-date. It will
resolve your issues. I am running R55w on my nokia and it works with
the VPN concentrator perfectly. But I am running the latest code on the
concentrator.
cisco4ng
------------------------------
Date: Fri, 26 May 2006 17:35:44 +0300
From: Chontzopoulos Dimitris <dchontzo AT ABC DOT GR>
Subject: Re: [FW1] Strange problem with Site-to-Site VPN
Sorry, my fault, I wanted to say VPN Concentrator, but instead I said PIX :D
------------------------------
Date: Fri, 26 May 2006 10:23:43 -0600
From: Mark Senior <Mark.Senior AT GOV.AB DOT CA>
Subject: Re: Urgent help: Changing SmartDashboard from using tcp port 18190 to
something else
Have you tried the facilities in the client OS for port forwarding?
If it's windows (I guess it has to be for the GUI to run)
netsh interface portproxy add v4tov4 listenport=18190 connectaddress=(yourciscorouter) connectport=(somerandomport) protocol=tcp
Then you could connect to 18190 on 127.0.0.1, the connection would be forwarded
to the random port on the cisco router, and then on to 18190 on the
smartconsole.
Yes, it's quite ugly, but your configuration sounds somewhat kludgy to start
with. Anyway, I hope this helps
Regards
Mark
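The port-forwarding setup described above, written out as an added example that is not part of Mark's post. The router address 192.0.2.10, the router port 28190 and the function names are placeholders made up for this example; listenaddress=127.0.0.1 is an addition that keeps the forwarder bound to loopback so other hosts on the network cannot reach the management port through this workstation. Run from an elevated PowerShell prompt.

```powershell
# Placeholder values constructed for this example (not from the thread).
$RouterAddress = '192.0.2.10'  # Cisco router performing the redirect
$RouterPort    = 28190         # router port redirected to tcp 18190 behind it
$ListenAddress = '127.0.0.1'   # loopback only: no other host can use the forwarder
$ListenPort    = 18190         # default CPMI port the GUI client connects to

function Add-CpmiForward {
    # portproxy is implemented by the IP Helper service; start it if stopped.
    if ((Get-Service -Name iphlpsvc).Status -ne 'Running') {
        Start-Service -Name iphlpsvc
    }

    # Refuse to continue if something is already listening on the port.
    $busy = Get-NetTCPConnection -LocalPort $ListenPort -State Listen `
                -ErrorAction SilentlyContinue
    if ($busy) {
        throw "tcp/$ListenPort is already in use on this workstation"
    }

    netsh interface portproxy add v4tov4 `
        listenaddress=$ListenAddress listenport=$ListenPort `
        connectaddress=$RouterAddress connectport=$RouterPort protocol=tcp

    # Show the rule, then confirm the listener is bound to loopback only.
    netsh interface portproxy show v4tov4
    Get-NetTCPConnection -LocalPort $ListenPort -State Listen |
        Select-Object LocalAddress, LocalPort, OwningProcess
}

function Remove-CpmiForward {
    # Delete the rule once the management session is finished, so the
    # forwarder does not stay behind on the workstation.
    netsh interface portproxy delete v4tov4 `
        listenaddress=$ListenAddress listenport=$ListenPort
}

Add-CpmiForward
# Point the GUI client at 127.0.0.1, then clean up afterwards:
# Remove-CpmiForward
```

Without listenaddress, the rule listens on every local address, so any host that can reach the workstation on tcp 18190 is forwarded to the router as well.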
------------------------------
Date: Fri, 26 May 2006 19:50:45 +0300
From: sin <sin AT IMACANDI DOT NET>
Subject: Re: mac address
Ramki Security wrote:
> Checkpoint being an IP firewall, doesn't work on MAC address. Hence I
> don't think there is a way to do this. By the way, why you want to do
> this?
one reason would be to want to filter traffic based on mac address
(let's say: I want only traffic from a.b.c.d.e.f mac to have access to
the internet).
as a side note, it's a pity that no one at CKP implemented this in
their products.
------------------------------
Date: Fri, 26 May 2006 14:44:57 -0700
From: Peter Addy <waveman38 AT YAHOO DOT COM>
Subject: Re: Upgrade or clean install of R55
Hi
Yes it does, many thanks for your help
Cheers
cisco4ng <cisco4ng AT YAHOO DOT COM> wrote:
Hi,
You did not mention the type of installation you have, i.e. standalone or
distribution.
1) If you have standalone, I would advise using the upgrade_export and
upgrade_import tool. That way, you can have a "fresh" install of IPSO and
Checkpoint and then upgrade_import your configuration. This is a much cleaner
way than the upgrade recommended by checkpoint/nokia.
2) If you have a distribution installation, just save the /config/active file
on the Nokia. After that, wipe the Nokia clean. Install new IPSO and checkpoint
and apply the old active file. This method requires that you do cpconfig and
re-SIC the Nokia with the management server.
On the management, you do upgrade-export. Have a clean management server
and upgrade-import the configuration. SIC with the Nokia and repush the policy.
3) Last but not least, detach and re-attach the license to the Nokia
enforcement modules. By the way, the license is the same between NG FP3 and AI.
Does it help?
Peter Addy wrote:
Hi
Can someone please advise me whether it is best to upgrade from FP3 as opposed
to a fresh install of checkpoint of R55, not really 100% sure what path I
should take here.
Checkpoint recommended upgrade, only clean install if the kernel has been
modified in any way. The IPSO be upgraded from 3.6 to 3.9 on various platforms.
I suppose the only difference here is that if I choose upgrade, I do not have
to bother with cpconfig, licence etc
Thanks for your help
------------------------------
End of FW-1-MAILINGLIST Digest - 25 May 2006 to 26 May 2006 (#2006-141)
***********************************************************************