[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] CheckPoint 4.0 to NG

To: [email protected]
Subject: Re: [FW-1] CheckPoint 4.0 to NG
From: Russell Washington <[email protected]>
Date: Mon, 13 May 2002 08:09:29 -0700
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Oh yeah, one other thing.  Some of our VPNs tanked.  4.0 is not capable of
supporting subnet-to-subnet negotiation in Phase 2.  4.1 and NG are.  When
you do the upgrade, our firewall objects all had subnet negotiation enabled
by default.  Needless to say, if the other end of the tunnel isn't ready to
support this change to the negotiation of the tunnel, the negotiation will
fail.

Solution:  If you have a tunnel that won't come up after the upgrade, find
the firewall object pertaining to the guy at the other side, and deselect
subnet negotiation (while editing the object, under VPN in the tree, edit
the IKE properties if I recall).

-----Original Message-----
From: Perbix, Michael [mailto:[email protected]]
Sent: Monday, May 13, 2002 6:48 AM
To: [email protected]
Subject: Re: [FW-1] CheckPoint 4.0 to NG


Billy please pass this info on when you get it, I am about to do the same
thing....

> ----------
> From:         Billy Chan
> Reply To:     Mailing list for discussion of Firewall-1
> Sent:         Monday, May 13, 2002 4:58 AM
> To:   [email protected]
> Subject:           [FW-1] CheckPoint 4.0 to NG
>
> Dear all,
>
> I'm using CheckPoint Firewall -1 4.0 on NT perform and no need for the
> VPN feature. I'm now study if that we should upgrade from 4.0 to NG or
> not. Who can tell me where I can't find the documents about the
> different between 4.0 and NG and the problems that I will meet during
> the migration.
>
> Thanks,
> Billy
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>
>

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: Re: [FW-1] WINS Question
Next by Date: Re: [FW-1] IKE tunnel between 4.1 sp5 and cisco pix.
Prev by thread: Re: [FW-1] CheckPoint 4.0 to NG
Next by thread: [FW-1] AW: [FW-1] NG: ftp reject: reason tried to open tcp service port, port XYZ
Index(es):
- Date
- Thread