NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] IPSO3.4/SSH



 
You need to upgrade your packages as well when you make the jump away from
IPSO 3.2.1.  

Chris

-----Original Message-----
From: Jose Reyes
To: [email protected]
Sent: 9/7/01 11:22 AM
Subject: [FW1] IPSO3.4/SSH




Since I upgrade to 3.4 sshd does not want to start automatically after a
reboot.  I am able to start it manually but I frequently get this error
message : [LOG_DEBUG] sshd-x[2937]: debug: tvp!=NULL kid 0 mili 10 IPSO
3.4-FCS4A #767:" .
My setup is a IP440 upgraded from 3.2 FW1 SP2 to 3.4 FW1 SP4. I was
running
the F-Secure ssh package before the upgrade and disabled it.

Any ideas?
TIA





-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of
Chris H
Sent: Thursday, September 06, 2001 4:49 PM
To: [email protected]
Subject: [FW1] Strange Network Issue after FW-1 4.1 SP4 Upgrade



LAN/WAN configuration:
LAN (Srvs) - Router (Srvs) - Router (HQ) - LAN (HQ) -
Firewall - Router - Internet
LAN (Srvs) IP address 172.16.65.0/24
Router (Srvs) e0 IP 172.16.65.1/24
Router (HQ) e0 IP 172.16.60.2/24
LAN (HQ) 172.16.60.0/24 and 172.16.80.0/24
The router to router connection is a leased line frame
relay connection.

FW: NT FW-1 4.1 SP4 internal NIC 172.16.60.1/24
secondary address on same internal NIC 172.16.80.1/24

Issue:
After Upgrading to SP4
WINTEL PCs in Srvs cant map drives on the HQ
172.16.60.0 LAN. HQ NT/WINTEL nodes can map drives on
the Srvs LAN.

Data:
Sniffer placed in Srvs shows traffic originates from
PC goes to Srvs router, and never returns.
Sniffer placed in HQ show traffic from Srvc src from
the HQ router to the HQ node and the HQ node sends the
traffic to the FW then the FW never responds back to
either node.

Successful Test:
Added a static route to the HQ node to point traffic
from .65 back to the HQ router 172.16.60.2 and the
Srvs PC maps without problem.
Traffic originating in HQ can always reach nodes in
Srvc.

Checked:
FW to make sure it has a static route pointing .65
back to Srvs.

Question:
Why would a node that received traffic from a router
on the same segment pass the traffic to the FW at the
MAC level?  It knows the originator, but the sniffer
shows that the HQ node just turns and passes the
traffic to the FW MAC as if it thought that it
originated from the FW.

Anybody seen this before?
Thanks


__________________________________________________
Do You Yahoo!?
Get email alerts & NEW webcam video instant messaging with Yahoo!
Messenger
http://im.yahoo.com


========================================================================
====
====
     To unsubscribe from this mailing list, please see the instructions
at
               http://www.checkpoint.com/services/mailing.html
========================================================================
====
====




========================================================================
========
     To unsubscribe from this mailing list, please see the instructions
at
               http://www.checkpoint.com/services/mailing.html
========================================================================
========


========================================================================
========
     To unsubscribe from this mailing list, please see the instructions
at
               http://www.checkpoint.com/services/mailing.html
========================================================================
========


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.