Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Floodgate Problems

To: [email protected]
Subject: Re: [FW-1] Floodgate Problems
From: Jeremy Morrill <[email protected]>
Date: Tue, 18 Dec 2001 20:09:52 -0500
Comments: To: Ed Davidson <[email protected]>
Importance: Normal
In-reply-to: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

I am running CheckPoint Firewall-1 v4.1 SP5 on a Nokia IP530 Running
IPSO v3.4.1. Are you running this same configuration?
                        -JRM


-----Original Message-----
From: Ed Davidson [mailto:[email protected]]
Sent: Tuesday, December 18, 2001 5:37 PM
To: 'Jeremy Morrill'
Subject: RE: [FW-1] Floodgate Problems

Not sure what to say -- mine is working..  as an example
I have a network object that defines my entire lan, all subnets.
It is defined for dest www.iwon.com 's IP range.  The rule limits
that destination to 300bps -- which I can very easliy see
is working.

Just one example of many I have that affect an entire network..
I have *ALL object rules as well, and they work...

There have been issues with versions prior to 4.1sp5, are
you current?

-----Original Message-----
From: Jeremy Morrill [mailto:[email protected]]
Sent: Tuesday, December 18, 2001 4:16 PM
To: 'Ed Davidson'
Subject: RE: [FW-1] Floodgate Problems


        I originally had Floodgate configured for my Internet interface
but was told that the reason I couldn't see networks traffic usage in
realtime monitor or shape the bandwidth based on network is that
bandwidth policys happen after NAT. I can see protocol usage just fine,
I can see individual computers just fine and shape on that criteria but
I can not effect an entire network, never mind view it in realtime
monitor.
        Since then I have tried the internal interface and have had
virtually the same result as the external interface. I.E. No shaping of
networks or visibility through realtime monitor.  Again protocols or
specific machines work great but viewing or shaping networks just
doesn't work.
                                -JRM

-----Original Message-----
From: Ed Davidson [mailto:[email protected]]
Sent: Tuesday, December 18, 2001 4:13 PM
To: 'Jeremy Morrill'
Subject: RE: [FW-1] Floodgate Problems

Just a guess

Have you gone into your FIREWALL object and enabled Floodgate on
it?  Only enable it on your NIC that is on the outside of the
firewall (IE on the internet)  otherwise you will have problems.

imho Floodgate rocks.

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]]On Behalf Of Jeremy
Morrill
Sent: Tuesday, December 18, 2001 2:21 PM
To: [email protected]
Subject: [FW-1] Floodgate Problems


        I have a Nokia IP530 running Checkpoint Firewall-1 v4.1 SP5 and
Floodgate. I am having problems getting traffic to be effected by
network. I.E. Realtime monitor doesn't see any traffic coming from that
network and does not shape it either. Realtime monitor shows a flat line
for that networks traffic. If I create a workstation object for a single
computer on that network and change the bandwidth rule to only effect
that workstation I can see the workstations traffic in Realtime monitor
and the bandwidth policy actually works. What could I be doing wrong
that floodgate doesn't understand a network but understands the
workstation just fine? The network object works great in my security
policy.
                                                -JRM

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



http://www.primeinc.com
**********************************************************************
This email and any files transmitted with it are confidential
and intended solely for the use of the individual or entity to
whom they are addressed.  If you have received this email
in error please reply to the sender of the message.

The views expressed in this correspondence may not
reflect the views of Prime, Inc.

This footnote also confirms that this email message has
been scanned for the presence of computer viruses.
**********************************************************************

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: Re: [FW-1] "Make sure that the user is properly defined on the firewall"
Next by Date: [FW-1] Routing for 2 vlans
Previous by thread: [FW-1] Floodgate Problems
Next by thread: [FW-1] Question about local.ft file
Index(es):
- Date
- Thread