Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Telnet Access to Nokia IP650 as a Checkpoint NGEnforcement Point

To: [email protected]
Subject: Re: [FW-1] Telnet Access to Nokia IP650 as a Checkpoint NGEnforcement Point
From: Crist Clark <[email protected]>
Date: Tue, 20 Aug 2002 11:00:35 -0700
Organization: Globalstar Communications
References: <009a01c24802$5909e3b0$640110ac@cc247073d>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

> Bill wrote:
>
> I am experiencing a weird problem and hope someone may have seen this before.
>
> I have done a clean install of Checkpoint NG on an NT Server (Management) and a Nokia IP650 (enforcement point).  All licensing is OK, I can download policy, the status manager reports a "connected state", etc.
>
> My problem is that when telnetting to the Nokia IP650, I get no activity at the telnet console, BUT
>
> 1)  the checkpoint logs indicate an accepted packet
> 2)  a "netstat -an" at the Nokia IP650 indicates an established telnet connection.
> 3)  a "netstat -an" at any PC I have telnetted from indicates an established telnet connection.
> 4)  I have tried this with MS command line telnet and hyperterminal and seen identical issues.
>
> One last thing.  When the firewall software package is turned off (similar to uninstalling), then telnet.
>
> I have not had a chance to sniff/tcpdump the problem yet.

How long do you wait before decide there is no telnet activity? DNS?
Does DNS work correctly on your firewall when policy is enforced? You
might be waiting for the firewall to do the reverse-lookup on the client.
Let the telnet session sit for at least a full minute or two before
deciding there is no activity. Also, try something like 'netstat -a'
(rather than '-n') on the server and see if that hangs up when you are
doing the attempts.
--
Crist J. Clark                               [email protected]
Globalstar CommunicationsThe information contained in this e-mail message is confidential,
intended only for the use of the individual or entity named above.
If the reader of this e-mail is not the intended recipient, or the
employee or agent responsible to deliver it to the intended recipient,
you are hereby notified that any review, dissemination, distribution or
copying of this communication is strictly prohibited.  If you have
received this e-mail in error, please contact [email protected]

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] Telnet Access to Nokia IP650 as a Checkpoint NGEnforcement Point
  - From: Bill <[email protected]>

References:
- [FW-1] Telnet Access to Nokia IP650 as a Checkpoint NG Enforcement Point
  - From: Bill <[email protected]>

Prev by Date: Re: [FW-1] VPN SecuRemote FP2 IP Pool NAT on the same subnet
Next by Date: [FW-1] NG and Check Point 2000
Previous by thread: Re: [FW-1] Telnet Access to Nokia IP650 as a Checkpoint NG Enforcement Point
Next by thread: Re: [FW-1] Telnet Access to Nokia IP650 as a Checkpoint NGEnforcement Point
Index(es):
- Date
- Thread