[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Looking for answers!

To: fw_news@mail.diodes.com
Subject: Re: [FW1] Looking for answers!
From: sirving@ca.ibm.com
Date: Wed, 1 Sep 1999 09:38:12 -0400
Cc: fw-1-mailinglist@lists.us.checkpoint.com

1. If you use Client auth then when you authenticate only for that rule.  Using
Implicit Client authentication allows the one authentication then to work for
all standard sign on rules.  It is most commonly used for https access since
authentication wouldn't work for https (this might be fixed in the latest patch
or I might be completely wrong).

2. No you don't need the static route for hide mode and you will only need to
publish an arp entry if the hide address is not the same as the external IP

3. Can't be done.  You will need to get another external address.


fw_news@mail.diodes.com on 08/27/99 06:09:16 PM

Please respond to fw_news@mail.diodes.com

To:
cc:   fw-1-mailinglist@lists.us.checkpoint.com
Subject:  [FW1] Looking for answers!




    [ Part 2: "Attached Text" ]

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set. Some ]
    [ characters may be displayed incorrectly. ]




1. What is Implicit Client Authentication exactly, compared to Client Auth?

2. Does it require to add a static ROUTE to the routing table and publish an ARP
   entry on the Firewall-1 if I use HIDE mode NAT and also enable the automatic
   NAT rules creation?

3. Using HIDE mode of NAT, how can I setup an internal FTP or other kind of
   Internet serices inside the Firewall-1? ( Concern is only one legal IP at the
   Firewall-1, which shares services as FTP, SMTP, Telnet etc. as well as
   internal users getting Internet access from inside FW-1)

Thanks!

____________________Reply Separator____________________
Subject:    [FW1] RE:
Author: GOHARI Pejman <pejman.gohari@cegetel.fr>
Date:       08/27/1999 5:53 PM


Exactly,
You are right ...

the problem became the version of Solaris ...
I installed a Soalris 2.6 FR    !-/     and Firewall-1 doesn't like Solaris
version fr !
ans when I install Solaris 2.6  US ...  no problem !



> -----Message d'origine-----
> De:        sirving@ca.ibm.com [SMTP:sirving@ca.ibm.com]
> Date:        vendredi 27 août 1999 14:45
> À:        GOHARI Pejman
> Cc:        'fw-1-mailinglist@lists.us.checkpoint.com'; 'security@net2s.com'
> Objet:        Re:
>
>
>
> I would suspect from the message that the LANG (language??) enviromnent
> variable
> has to be set.
>
>
> GOHARI Pejman <pejman.gohari@cegetel.fr> on 08/25/99 11:15:48 AM
>
> Please respond to GOHARI Pejman <pejman.gohari@cegetel.fr>
>
> To:   "'fw-1-mailinglist@lists.us.checkpoint.com'"
>       <fw-1-mailinglist@lists.us.checkpoint.com>
> cc:   "'security@net2s.com'" <security@net2s.com>
> Subject:
>
>
>
>
>
>
> Hi all,
>
> I did a test of upgrade Solstis Firewall-1 v3  to CheckPoint Firewall-1 v4
> SP1 !
> My Os is Soalris 2.6 on Sparc Ultra 2 .
>
> and when I launch fwpolicy, I have these Warning :
>
>  ./fwpolicy
> Wind/U Warning (270): Individual setting of locale environment variables
> unsuppo
> rted (LC_CTYPE); set LANG instead.
> Wind/U Warning (270): Individual setting of locale environment variables
> unsuppo
> rted (LC_NUMERIC); set LANG instead.
> Wind/U Warning (270): Individual setting of locale environment variables
> unsuppo
> rted (LC_TIME); set LANG instead.
>
>
> but I can obtain my GUI and all is OK !
> SO do you know if this a  problem significant?
> and what are the consequences ?
>
> --
> Pejman GOHARI
> CCSE
>
> pgohari@net2s.com
> NET2S    http://www.net2s.com
>
>
>
>
>
>
>
> ==========================================================================
> ======
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ======
>
>



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] TCP_TIMEOUT, perhaps?
Next by Date: [FW1] Routing Problems
Prev by thread: Re: [FW1] TCP_TIMEOUT, perhaps?
Next by thread: [FW1] Routing Problems
Index(es):
- Date
- Thread