
Re: [FW1] Packets not being encrypted



Yes, I have -- in a similar situation.

In fighting with Firewall-1 (FW1) and Nortel's
Contivity (NV) box to get a VPN 3DES connection to
work -- that is what happened.

It seems that FW1 wants to be your best friend. If it
can't follow the encryption rule, then it will do the
second best thing and toss it out unencrypted (after
all -- the rule *implies* accept).

I could not get my FW1 v4.1 SP2 box to IKE with their
NC box. When they sniffed their traffic, they were
getting my raw, unencrypted, packets.

Strange, no?

I would think that CP needs to adjust the encryption
"policy" from *implies* access to "only access if".

Thanks -- Chris


--- Neil Pike <[email protected]> wrote:
> I haven't seen this hands on yet, only helped to "debug" it over the
> phone, but assuming they haven't misconfigured, has anyone seen/heard of a
> bug whereby nfs/rpc portmapper (udp) packets are not encrypted/tunneled
> even though there is a rule there to do it?  They get to the remote
> firewall "in-clear", destined for the destination global address (rather
> than the remote firewall interface) and are dropped by rule-0 because they
> haven't been encrypted.
>
> NT/Firewall 4.1 SP3 on the local end and Nokia IPSO 3.2.1/Firewall 4.1 SP2
> on the remote end.
>
> Neil Pike
> Protech Computing Ltd
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>               http://www.checkpoint.com/services/mailing.html
> ================================================================================


   All contents © 2004 Network Presence, LLC. All rights reserved.