[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] VPN-1 250 -vs- VPN-1 500

To: 'frank darden' <fdarden@locked.com>, "'Brazil, Jody'" <jody@kcfishnet.com>
Subject: RE: [FW1] VPN-1 250 -vs- VPN-1 500
From: jerald <jerald.josephs@iprg.nokia.com>
Date: Tue, 4 May 1999 00:44:03 +0100
Cc: fw-1-mailinglist@lists.us.checkpoint.com

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]


Is it possible that the Solaris firewall does not
recognize that the Nokia firewall is part of the encryption
domain that belongs to the Nokia firewall?

That is my first thought.

SP8 was never released on the Nokia platform.  It supports
3.0b.p3078plus, which is all of the 3078 fixes known to other
platforms and some additional fixes that are part of SP8.

This version of FireWall-1 should be managed by SP8 running
on the Management Server, should one exist.

--- jerald



> -----Original Message-----
> From: frank darden [mailto:fdarden@locked.com]
> Sent: Tuesday, May 04, 1999 12:15 AM
> To: Brazil, Jody; 'Jerald Josephs'
> Cc: fw-1-mailinglist@lists.us.checkpoint.com
> Subject: RE: [FW1] VPN-1 250 -vs- VPN-1 500
> 
> 
> Have you set rule 0 to "before last"? "The packet" is not 
> sufficient. What
> type of packet, and what type of service? I have this type of config
> running in several locations. The fact that you arent seeing 
> anything in
> the log leads me to knee jerk and think that rule 0 is 
> allowing the traffic
> before it hits your encrypt rule. Of course this is 
> speculation on my part,
> but its worth looking at.
> 
> Frank
> 
> At 12:11 PM 5/3/99 -0500, Brazil, Jody wrote:"
> >
> >There appears to be an issue with the Remote link (Nokia) 
> version 3.0.4
> >(Check Point version 3.0b SP8) using manual IPSec to a 
> Solaris Firewall.
> >The symptom is this:
> >
> >The packet gets sent from the network behind the Nokia to a machine
> >behind the Solaris Firewall and appears to get properly 
> encrypted.  This
> >is visible in the Nokia logs.  
> >
> >Nothing appears in the Solaris firewall logs!  
> >
> >Running snoop on the Solaris firewall shows several things:
> >	
> >	First, the packet does make it to the Solaris Firewall
> >	Second, the packet is encapsulated (The source is the Nokia IP,
> >the destination is the Solaris firewall IP)
> >
> >
> >This all looks good, but the Solaris Firewall is apparently not
> >decrypting the packet (for no apparent reason).
> >
> >It is worth noting that in the release notes for version 3.0.1 it
> >states, "Problems with IPSEC between Nokia and other platforms (NT,
> >Solaris)."
> >
> >A very vague and unhelpful release note!
> >
> >If anyone has any information regarding this issue, your 
> help would be
> >greatly appreciated.
> >
> >Jody Brazil
> >
> >
> >
> >=============================================================
> ==============
> =====
> >     To unsubscribe from this mailing list, please see the 
> instructions at
> >               http://www.checkpoint.com/services/mailing.html
> >=============================================================
> ==============
> =====
> >
> >
> Mission Critical Systems. Your network security solutions provider
> http://www.locked.com
> The sender of this email is responsible for its content. 
> 



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] Securemote & NT
Next by Date: [FW1] Anti-virus servers
Prev by thread: RE: [FW1] VPN-1 250 -vs- VPN-1 500
Next by thread: [FW1] How to: Turn off a reporting for broadcasts to *.*.*.255
Index(es):
- Date
- Thread