| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FW1] RE: Nokia Static Routes -- Correction
As I stated to my VAR, I was talking about IP440s and IP650s, not 200s. I
didn't know anything about a restriction on statics for the 440s+, so I was
surprised when the Nokia guy alledgedly mentioned this. Bear in mind that
this was a relayed conversation via my VAR, so if the information is
incorrect, it's not my fault. =P I went looking to them for info, not the
other way about. I'm more than happy to stand corrected. If I'd had a proper
statement from Nokia on this in the first place, as I felt I was justified
in expecting, then I wouldn't be relaying a second hand conversation with my
VAR.
respectfully,
Scott.
Side note (OT) - how did you find doing the CISSP? =) I was considering
doing it and just wondered about your opinions on the course topics/exam.
-============================-
Scott McMeekin (x25086)
Senior Technical Analyst
IT Telecoms
The Royal Bank of Scotland
Phone: +44(0)Email: [email protected]
-============================-
> -----Original Message-----
> From: Dallas Bishoff [SMTP:[email protected]]
> Sent: Friday, October 20, 2000 8:48 PM
> To: McMeekin, Scott; [email protected]; [email protected]
> Cc: [email protected]
> Subject: Nokia Static Routes -- Correction
>
>
> *** Warning : This message originates from the Internet ***
>
> Howdy:
>
> Just a quick correction, the VPN 200 product family has a restriction of
> "63" static routes for the 210/220 product line, and the 230/240 can
> handle
> "63" dynamic routes. There are also firewall feature limitations.
> However,
> the IP300/400/650 products DO NOT have these restrictions.
>
> The 200 product family is not intended to be used as a primary firewall
> for
> companies, but rather as a remote site VPN solution. If you need more
> than
> 63 routes, use the other product lines.
>
> As for the "disappearing routes", I agree -- that is a serious problem.
> Personally, I've never seen it happen, and don't hope to.
>
> Regards!!!
>
> Dallas N. Bishoff
>
> CISSP
> MCSE+I, MCT, CCA, ICE, CCSE,
> Nokia Security Administator (NSA) & Instructor,
> RSA Certified SecurID Support Engineer
> blah, blah, blah...
>
>
>
>
> From: "McMeekin, Scott" <[email protected]>
> To: "'[email protected]'" <[email protected]>, Cristian Nicolae
> <[email protected]>
> CC: "'[email protected]'"
> <[email protected]>
> Subject: RE: [FW1] Nokia: Possible serious bug in IPSO Voyager interface.
> Date: Fri, 20 Oct 2000 16:43:07 -0000
>
>
> Thanks for this RB - I'll check it out.
>
> Further to this, I got a response from my VAR on this. Apparently Nokia
> declined to give out an official announcement on this but what they did
> say
> was that they are aware of a flaw in the voyager interface that could be
> in
> some way linked to the way Netscape caches pages. They apparently said
> that
> you are restricted to 64 static routes in the interface, but after that
> anything goes... I wasn't very happy with that to be honest - god knows
> what
> was going through the developers minds to put in a hard coded restriction
> like that if that's true.
>
> What they DID say was that this bug would be addressed in IPSO release
> v3.3,
> which should be available in the next few weeks sometime, and that they
> recommended upgrading to that version when possible.
>
> I have to say, I'm a bit disappointed in Nokia's attitude on this. As far
> as
> I'm concerned, any alledged bug that causes routing entries to become
> disabled is, in my view very serious - if CISCO routers had a bug that
> caused routes to vanish, you'd be damn sure that CISCO would move hell and
> high water to reassure people that it would be fixed immediately, and
> they'd
> be releasing announcements to reduce the exposure of people using their
> products. I don't want anyone to take this out of context - this has only
> happened twice in 2 years of using the Nokia IP range, but twice is one
> more
> than a "flash in the pan" incident. I've grown to trust and respect the
> Nokia product range as being of a cut above the rest in both quality of
> product, and also quality of support. "Oh we think the next release will
> fix
> it - wait till then, and by the way, we're not going to tell anyone else
> about it" is an unacceptable response, especially considering even
> Micro$oft
> release immediate hotfixes for bugs that impact service.
>
> Disappointed,
>
> Scott.
>
> -============================-
> Scott McMeekin (x25086)
> Senior Technical Analyst
> IT Telecoms
> The Royal Bank of Scotland
> Phone: +44(0)> Email: [email protected]
> -============================-
>
> > -----Original Message-----
> > From: Rogue Bolo [SMTP:[email protected]]
> > Sent: Friday, October 20, 2000 3:29 PM
> > To: Cristian Nicolae; McMeekin, Scott
> > Cc: '[email protected]'
> > Subject: Re: [FW1] Nokia: Possible serious bug in IPSO Voyager
> > interface.
> >
> >
> > *** Warning : This message originates from the Internet ***
> >
> > Using Voyager to add static routes is not a generally
> > reliable mechanism. I suggest that you use the
> > addstatic utility which is available from the support
> > site. It lets you import a flat file of static routes
> > and correctly inserts them into the configuration
> > database. If you are extremely careful, you can
> > manually edit the active.db and initial.db files to
> > add static routes. If this is not done properly the
> > routes will not stick. Voyager should not be relied
> > upon for detail of static route information, rather
> > the show routes from iclid.
> >
> > --- Cristian Nicolae <[email protected]>
> > wrote:
> > >
> > > Scott,
> > > I am running the same version of IPSO and once I had
> > > a situation similar
> > > to yours.
> > > I have about 12 static routes configured on the box.
> > >
> > > Once it happened to me that one was lost.
> > > As it only happened to me once I didn't payed too
> > > much attention.
> > > One lesson I learned from then was to look very
> > > carefully at the static
> > > routing table after a new static route is added and
> > > afterwards saved in
> > > Voyager.
> > >
> > > Have you static routes disspeared after the routing
> > > table was changed
> > > somehow in Nokia
> > > (add or remove a route)?
> > >
> > > Cristian
> > >
> > >
> > >
> > >
> > > "McMeekin, Scott" wrote:
> > > >
> > > > Hi,
> > > >
> > > > I am unable to reproduce this problem, but it's
> > > happened twice now and it's
> > > > causing real concern. Has anyone else who is
> > > running Nokia firewalls ever
> > > > experienced an inexplicable loss of a variable
> > > number of static routes? I'm
> > > > using F-secure ssh v1.0 and Netscape Navigator to
> > > securely forward the http
> > > > Voyager interface to an IP440 running IPSO 3.2.1.
> > > >
> > > > What happened was at some point in the last couple
> > > of days I've been using
> > > > the voyager interface to look at a few things (no
> > > changes were made). Today
> > > > I get a call to say some connectivity has been
> > > lost, and on checking various
> > > > routing tables in other routers, certain routes
> > > appeared to have vanished. I
> > > > checked the firewall and Lo and Behold, 15 static
> > > routes (which get
> > > > redistributed internally) had vanished! After the
> > > initial scratching of
> > > > heads, I restored the IPSO backup and all was
> > > well, however this a serious
> > > > enough occurance to merit immediate and thorough
> > > investigation.
> > > >
> > > > Anyone experienced this before I go wading into
> > > the support channels?
> > > >
> > > > Many thanks,
> > > >
> > > > Scott.
> > > >
> > > > The Royal Bank of Scotland plc is registered in
> > > Scotland No 90312. Registered Office: 36 St Andrew
> > > Square, Edinburgh EH2 2YB.
> > > >
> > > > The Royal Bank of Scotland plc is regulated by
> > > IMRO, SFA and Personal Investment Authority.
> > > >
> > > > This e-mail message is confidential and for use by
> > > the addressee only. If the message is received by
> > > anyone other than the addressee, please return the
> > > message to the sender by replying to it and then
> > > delete the message from your computer.
> > > >
> > > > 'Internet e-mails are not necessarily secure. The
> > > Royal Bank of Scotland plc does not accept
> > > responsibility for changes made to this message
> > > after it was sent.'
> > > >
> > > >
> > >
> >
> ==========================================================================
> > ======
> > > > To unsubscribe from this mailing list, please
> > > see the instructions at
> > > >
> > > http://www.checkpoint.com/services/mailing.html
> > > >
> > >
> >
> ==========================================================================
> > ======
> > >
> > >
> > >
> >
> ==========================================================================
> > ======
> > > To unsubscribe from this mailing list, please
> > > see the instructions at
> > >
> > > http://www.checkpoint.com/services/mailing.html
> > >
> >
> ==========================================================================
> > ======
> >
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Yahoo! Messenger - Talk while you surf! It's FREE.
> > http://im.yahoo.com/
>
>
> The Royal Bank of Scotland plc is registered in Scotland No 90312.
> Registered Office: 36 St Andrew Square, Edinburgh EH2 2YB.
>
> The Royal Bank of Scotland plc is regulated by IMRO, SFA and Personal
> Investment Authority.
>
> This e-mail message is confidential and for use by the addressee only. If
>
> the message is received by anyone other than the addressee, please return
> the message to the sender by replying to it and then delete the message
> from
> your computer.
>
> 'Internet e-mails are not necessarily secure. The Royal Bank of Scotland
> plc
> does not accept responsibility for changes made to this message after it
> was
> sent.'
>
>
> ==========================================================================
> ======
> To unsubscribe from this mailing list, please see the instructions
> at
> http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ======
>
> _________________________________________________________________________
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
>
> Share information about yourself, create your own public profile at
> http://profiles.msn.com.
The Royal Bank of Scotland plc is registered in Scotland No 90312. Registered Office: 36 St Andrew Square, Edinburgh EH2 2YB.
The Royal Bank of Scotland plc is regulated by IMRO, SFA and Personal Investment Authority.
This e-mail message is confidential and for use by the addressee only. If the message is received by anyone other than the addressee, please return the message to the sender by replying to it and then delete the message from your computer.
'Internet e-mails are not necessarily secure. The Royal Bank of Scotland plc does not accept responsibility for changes made to this message after it was sent.'
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
|
|
