
Re: [FW-1] NG - UNACCEPTABLE!!! Re: WAS Is NG ready for general use ?



On Thu, Jan 03, 2002 at 06:17:38PM -0800, Micah Baker wrote:
> I went through a similarly frustrating upgrade, but after doing a scratch
> install with NG FeaturePack-1 I have had zero problems.  I think they were
> in a hurry to release, and have been patching it up.  FeaturePack-1 seems to
> be what the original release SHOULD have been...

That's kind of the reply we got from Checkpoint when we were doing the upgrade
to NG (initial release) and called Checkpoint for support: not really meant to
be an upgrade... not really ready... :-)

Nico

>
> Micah
>
> -----Original Message-----
> From: Zeltser, Roman [mailto:[email protected]]
> Sent: Thursday, January 03, 2002 2:13 PM
> To: [email protected]
> Subject: Re: [FW-1] NG - UNACCEPTABLE!!! Re: WAS Is NG ready for general use
> ?
>
> My coworkers said: do not run NG on Wintel!
>
> **********************************
> Roman Zeltser,
> @National Computer Center,
> RSIS & DNE
>
>
>
> -----Original Message-----
> From: Mark Whitworth [mailto:[email protected]]
> Sent: Thursday, January 03, 2002 2:51 PM
> To: [email protected]
> Subject: [FW-1] NG - UNACCEPTABLE!!! Re: WAS Is NG ready for general use
> ?
> Importance: High
>
>
> I know someone asked if NG was ready for general use, and others have been
> asking how soon they could get it.  I would like to mention some problems
> we've seen and see if anyone else has seen the logging issue specifically,
> and I would wholeheartedly say that if you upgrade - BEWARE!!
>
> We have been running FW-1 for years on multiple firewalls, all Wintel boxes.
> Most recently, we were on 4.1 with the latest service packs on top of NT 4.0
> SP6a.  We upgraded in a rolling fashion onto clean Win2K installs and tried
> to import our objects/policies as instructed. Following the instructions on
> how to do this and in various FAQs yielded only hours of frustration.  We
> had to rebuild from scratch.
>
> Although we got our site-site VPNs up, we have seen a multitude of other
> errors.  DNS/AD errors via the site-to-site VPN that did not previously
> exist, and which do not occur when tunneled alternatively via Netscreens.
> SecuRemote failures due to missing SKU line items on paid-for (not eval)
> licenses from the Checkpoint site!!!!  Intermittent object errors on policy
> verification on objects that have not been modified in any way.  Errors on
> trying to delete objects, with advice to contact technical support.  To top
> it off, BSODs on multiple installs of FP1.
>
> Actually, there is even one more issue we've seen which rivals the BSODs.
> We have "front door" and "back door" firewalls which protect different
> numbers of hosts.  The front door firewalls have always had unlimited
> licenses, while the back door firewall had a 250 count license because we
> have roughly that many hosts.  In our 4.1 and even mixed 4.1-NG
> environments, we saw no logging issues.  However, as soon as we took the
> back door firewall to NG, now when it detects "too many internal hosts"
> (typically due to transient laptops), it logs an error to our central
> management station and ALL firewalls stop logging!!!!!  Actually, at some
> point we still see logged events, but it ultimately fails and no items after
> that error are displayed in the GUI any more.  To reinitiate, you have to
> clear the appropriate files, CPSTOP/CPSTART, and reinstall putkeys.  Talk
> about the most screwed up thing ever.  TOTALLY UNACCEPTABLE, and if any of
> you are on this borderline, I recommend you not upgrade.  We will likely
> upgrade our license, but this is not the manner in which this should have
> been handled.  I requested an eval license and, even though Checkpoint
> technical support told me this was not the issue, we had no logging
> problems until the day after it expired.  Same issue.
>
> These items have all been reported to and ignored by Checkpoint.  Largely
> the reason we are evaluating other products.
>
> Mark Whitworth
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
---------------------------------------------------------
 "It has been said that there are only two businesses that
  refer to customers as users: illegal drug trade and
               the computer industry."
---------------------------------------------------------
Nico De Ranter
Sony Service Center (SDCE/VPE-B)
Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne)
1130 Brussel (Bruxelles), Belgium, Europe, Earth
Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86
e-mail: [email protected]
