CiscoR1 ----CiscoPix----CiscoR2
R1 is doing eBGP with R2 with MD5 authentication. Customer is migrating from
Cisco Pix
to Checkpoint NGx R61 with HFA_01.
In Cisco Pix, I have this:
static (inside,outside) 192.168.1.1 192.168.1.1 netmask 255.255.255.255
norandomseq
where 192.168.1.1 is the IP address of R1.
because the way ebgp authentication works, the tcp sequence randomizer must
be turned
of on the Pix. If the customer is moving to a checkpoint firewall, I think
it will break eBGP.
Can someone show me how to disable tcp sequence randomization in checkpoint.
I know
most firewall vendors implement tcp sequence randomization but I don't know
how to disable
it in Checkpoint. Thanks.
cisco4ng
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
