[FW1] CP 4.1 Sp3 on Windows 2000 Tips
After 2 successful installations, I am confident enough to give some Windows 2000 tips to everyone out there who was as nervous as I was about Windows 2000 and Checkpoint.

1) An IKE VPN will NOT work until you stop the IPSec Policy Agent service built into Windows 2000 - I beat myself up over it for 2 days before finally figuring it out. Stopping additional services below probably assisted as well.

2) Along with that service, here is the bare minimum list of services required in order for Checkpoint to run. Due to lack of support on Windows 2000 performance tuning, basically I set EVERY service to Manual and left Event Log, the 2 Checkpoint Services and SNMP as automatic - after that, these are the services that were started. I tried to disable RPC, but it is bad news, it took nearly 2 hours for the machine to finish booting and unlock the service and event databases.

Service Name                    Setting
Check Point ELA Proxy           Automatic
Checkpoint VPN-1/Firewall-1     Automatic
Event Log                       Automatic
Plug and Play                   Automatic
Remote Procedure Call (RPC)     Automatic (Would love to remove if someone knows how)
RunAs Service                   Automatic (this is by choice)
SNMP Service                    Automatic
WMI                             Automatic (Would love to remove if someone knows how)
WMI Driver Extensions           Manual (Ditto here)
COM+ System Event               Manual (Necessary for Event Log)
Network Connections             Manual
Remote Access Conn. Mgr.        Manual
Telephony                       Manual (Remote Access Conn. Mgr. depends on it)

3) Standard security checks on ethernet connections - Make sure NetBIOS is disabled over TCP/IP on both adapters, unbind Client for Microsoft Networks and File and Printer Sharing for Microsoft Networks.

4) Lastly, but certainly not least, your firewall won't do ANYTHING until you make the registry change to route packets between adapters. This is the replacement for the NT 4.0 checkbox concerning IP Routing under TCP/IP properties.

Key                                                        Value
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters    IPEnableRouter:REG_DWORD:0x1

I am still game to some registry tweaks for performance, but it seems like with the hardware available now, the differences are tiny (at T1 speeds anyhow).

Cheers,
Jamie (bootip on EFnet)
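
Added example, not part of the original post: a small Python audit that compares a host's service inventory and IPEnableRouter value against the baseline listed in the message above. The tab-separated "name, start type, state" inventory format and the sample data are constructed for illustration; the service names and start types are the ones given in the post.

```python
# Added example (not from the original post). Baseline = the post's service table.
# Assumed input: one service per line, "name<TAB>start type<TAB>state".
BASELINE = {
    "Check Point ELA Proxy": "Automatic",
    "Checkpoint VPN-1/Firewall-1": "Automatic",
    "Event Log": "Automatic",
    "Plug and Play": "Automatic",
    "Remote Procedure Call (RPC)": "Automatic",
    "RunAs Service": "Automatic",
    "SNMP Service": "Automatic",
    "WMI": "Automatic",
    "WMI Driver Extensions": "Manual",
    "COM+ System Event": "Manual",
    "Network Connections": "Manual",
    "Remote Access Conn. Mgr.": "Manual",
    "Telephony": "Manual",
}
MUST_BE_STOPPED = "IPSec Policy Agent"  # tip 1: IKE VPN fails while it runs

def audit(inventory_text, ip_enable_router):
    """Return sorted findings; an empty list means the host matches the post."""
    seen = {}
    for line in inventory_text.strip().splitlines():
        name, start, state = (field.strip() for field in line.split("\t"))
        seen[name] = (start, state)
    findings = []
    for name, (start, state) in seen.items():
        running = state.lower() == "started"
        if name.casefold() == MUST_BE_STOPPED.casefold():
            if running:
                findings.append(f"{name}: running, IKE VPN will not work")
        elif name not in BASELINE:
            if running or start == "Automatic":
                findings.append(f"{name}: not in baseline ({start}, {state})")
        elif start != BASELINE[name]:
            findings.append(f"{name}: start type {start}, baseline {BASELINE[name]}")
    for name in BASELINE:  # the post lists all of these as started
        if name not in seen or seen[name][1].lower() != "started":
            findings.append(f"{name}: baseline service not running")
    if ip_enable_router != 1:  # tip 4: value under Tcpip\Parameters
        findings.append("IPEnableRouter is not 1: no routing between adapters")
    return sorted(findings)

# Constructed sample inventory (not taken from a real host).
SAMPLE = "\n".join(
    [f"{n}\t{s}\tStarted" for n, s in BASELINE.items() if n != "SNMP Service"]
    + ["SNMP Service\tManual\tStopped", "IPSEC Policy Agent\tManual\tStarted"]
    + ["Messenger\tAutomatic\tStarted"]
)
```

Calling `audit(SAMPLE, 0)` reports the running policy agent, the extra Messenger service, the SNMP deviation and the missing routing value.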