Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] CP 4.1 Sp3 on Windows 2000 Tips

To: [email protected]
Subject: [FW1] CP 4.1 Sp3 on Windows 2000 Tips
From: [email protected]
Date: Sat, 28 Apr 2001 16:31:52 -0400
Sender: [email protected]
Thread-index: AcDQIWaUtiqUGMGqTB2o4vvJ+nMH3w==
Thread-topic: CP 4.1 Sp3 on Windows 2000 Tips

After 2 successfull installations, I am confident enough to give some
Windows 2000 tips to everyone out there who was as nervous as I was
about Windows 2000 and Checkpoint.

1) An IKE VPN will NOT work until you stop the IPSec Policy Agent
service built-in to Windows 2000 - I beat myself up over it for 2 days
before finally figuring it out.  Stopping additional services below
probably assisted as well.

2) Along with that service, here is the bare minumum list of services
required in order for checkpoint to run.  Due to lack of support on
Windows 2000 performance tuning, basically I set EVERY service to Manual
and left Event Log, the 2 Checkpoint Services and SNMP as automatic -
after that, these are the services that were started.  I tried to
disable RPC, but it is bad news, it took nearly 2 hours for the machine
to finish booting and unlock the service and event databases.

	Service Name			Setting
	Check Point ELA Proxy		Automatic
	Checkpoint VPN-1/Firewall-1	Automatic
	Event Log			Automatic
	Plug and Play			Automatic
	Remote Procedure Call (RPC)	Automatic	(Would love to
remove if someone knows how)
	RunAs Service			Automatic	(this is by
choice)
	SNMP Service			Automatic
	WMI				Automatic	(Would love to
remove if someone knows how)
	WMI Driver Extensions		Manual		(Dito here)
	COM+ System Event		Manual		(Necessary for
Event Log)
	Network Connections		Manual
	Remote Access Conn. Mgr.	Manual
	Telepony			Manual		(Remote Access
Conn. Mgr. depends on it)

3) Standard security checks on ethernet connections - Make sure netbios
is disabled over tcp/ip on both adapters, unbind Client for Microsoft
Networks and File and Printer Sharing for Microsoft Networks.

4) Lastly, but certainly not least, your firewall won't do ANYTHING
until you make the registry change to route packets between adapters.
This is the replacement for the NT 4.0 checkbox concerning IP Routing
under tcp/ip properties.

	Key
Value
	HKLM\System\CurrentControlSet\Services\Tcpip\Parameters
IPEnableRouter:REG_DWORD:0x1

I am still game to some registry tweaks for performance, but it seems
like with the hardware available now, the differences are tiny (at T1
speeds any how).

Cheers,

Jamie (bootip on EFnet)
	



The information transmitted by the following E-Mail is intended only for the addressee and may contain confidential and/or privileged material. Any interception, review, retransmission, dissemination, or other use, or taking any action upon this information by persons or entities other than the intended recipient is prohibited by law and may subject them to criminal or civil liability. If you received this communication in error, please contact us immediately atext. 3600 and delete the communication from any computer or network system.




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] Nokia IP51?
Next by Date: [FW1]
Previous by thread: [FW1] Nokia IP51?
Next by thread: [FW1] Active Log
Index(es):
- Date
- Thread