[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FW-1] Enable Performance Pack
Hi All
I need enable the "Perfomance Pack" in NG FP2 Build 52910
running in Secure Plataform (Linux). I have a license for this product.
My server is a "IBM X-Series 342 Dual 1.26 Ghz".
Any idea ??
Thanks !!!
Marcus Azevedo
----- Original Message -----
From: "Nabil Gmira" <[email protected]>
To: <[email protected]>
Sent: Friday, September 13, 2002 1:54 PM
Subject: Re: [FW-1] Advice required. Design of a fw architecture
> Vlan are supported in checkpoint NG FP2 and Nokia IPSO 3.5. I use 3 vlans
on
> my external interface ! Checkpoint does'nt make any difference between a
> vlan interface and an real physical interface.
>
> On the nokia i set up 3 vlans, and the port of the Catalyst switch where
the
> physical interace of the Nokia is plugged is configured as a 802.1q Trunk.
> I added the vlan hot fix in order to support more than 64 interface
(virtual
> and real together).
>
> It works !
>
> Nabil GMIRA
> CMG France
>
> > -----Original Message-----
> > From: Alberto Salerno [mailto:[email protected]]
> > Sent: vendredi 13 septembre 2002 16:29
> > To: [email protected]
> > Subject: Re: [FW-1] Advice required. Design of a fw architecture
> >
> >
> > Hallo,
> >
> > As far as I know vlan tagging and trunking is not supported
> > by Check Point FW-1
> > (except in the VSX version).
> >
> > Moreover, the underlying operating system must also support
> > VLAN tagging in
> > order to work.
> >
> > If I'm right, Nokia is offering something in this field with
> > IPSO 3.6 (3.5 was
> > also offering those fetures, but 3.6 brings lots of fixes for
> > vlan trunking and
> > Gigabit Ethernet).
> >
> > Nevertheless, this is also an hybrid solution: Check Point on
> > Nokia does not
> > understand VLAN tagging (exception VSX recently released for
> > Nokia) and you
> > have to configure ACL at IPSO level.
> >
> > So maybe not the best solution (and quite expensive due to
> > VSX), but should
> > work.
> >
> > Remember that valan is not a security feature! If you are
> > seriuosly interested
> > in security and vlan take a look at the SecureVLAN (or
> > something like that)
> > concept of Cisco, which offers "physical" vlan separation but at an
> > astronomical price (e.g. using CAT6500).
> >
> > Concerning clustering. With IPSO 3.6 Nokia is offering Check
> > Point HA, which is
> > not as refined as StoneBeat but should at least work.
> >
> > Hasta Luego.
> >
> > Alberto
> >
> > Scrive Anuska Arag�n Fern�ndez <[email protected]>:
> >
> > > Hello all,
> > >
> > > In our University we are planning a firewall configuration
> > like this one:
> > >
> > > |
> > > | 35 Mbps
> > > |
> > > ISP Router
> > > |
> > > | 20 Mbps
> > > |
> > > -------
> > > vlan 1 -------- | | -----DMZ1 (external servers www,
> > ldap, dns, ...)
> > > | fw1 |
> > > vlan 2 ---------| |------DMZ2 (other departmental
> > external servers)
> > > (2000) -------
> > > |
> > > | Internal Servers (dns, www, ldap, nfs, ...)
> > > |
> > > -------
> > > | |
> > > vlan 3 ---------| fw2 | ------- BD servers
> > > (500) | |
> > > -------
> > >
> > > Different users are grouped in vlans depending on their
> > profile. Each vlan
> > > has his own dns server (secondary), dhcp server, and a web
> > proxy cache
> > > server.
> > > Students are in vlan1, professors in vlan2 and
> > administrative staff in vlan3.
> > > This vlans are isolated between themselves (at least for
> > the moment, although
> > > we have to plan for exceptions).
> > >
> > > Access to BD servers is performed only from people in vlan3
> > and from the
> > > internal web server.
> > >
> > > External servers are relays to our internal servers.
> > >
> > > We have many doubts about where to put mail server(s). We
> > think we should put
> > > antivirus server in the DMZ.
> > >
> > > Fw1 and fw2 will be clusters. We are thinking in StoneBeat
> > FullCluster, any
> > > comments?
> > >
> > > We have been told that fw1 will not support all the
> > traffic, because it will
> > > have to do also a great amount of internal routing, but we
> > don't want to mix
> > > routers in the architecture because we want to control all
> > traffic from a
> > > single point.
> > >
> > > Another discussion we have is where to put people from
> > computer center (us).
> > > Should we have another vlan?
> > >
> > > Any suggestion or advice will be greatly appreciated. If
> > you think we are
> > > missing something, and also, if you think we are doing something (or
> > > everything) wrong we'll thank very much you comments.
> > >
> > > Greetings,
> > >
> > > --
> > > A n u s k a A r a g � n
> > > Servicio Inform�tico e-mail:
> > [email protected]
> > > Universidad de La Rioja Tf.: +34 941 299233
> > > Av. de La Paz 93, 26004 Logro�o Fax: +34 941 299180
> > >
> > > =================================================
> > > To set vacation, Out Of Office, or away messages,
> > > send an email to [email protected]
> > > in the BODY of the email add:
> > > set fw-1-mailinglist nomail
> > > =================================================
> > > To unsubscribe from this mailing list,
> > > please see the instructions at
> > > http://www.checkpoint.com/services/mailing.html
> > > =================================================
> > > If you have any questions on how to change your
> > > subscription options, email
> > > [email protected]
> > > =================================================
> > >
> >
> > =================================================
> > To set vacation, Out Of Office, or away messages,
> > send an email to [email protected]
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > [email protected]
> > =================================================
> >
>
>
> **********************************************************************
> Cet email et tout fichier attache est confidentiel.
> Ils ne peuvent etre utilises que par la personne ou l'organisation
> a laquelle ils sont destines. Si vous avez recu ce message par erreur
> veuillez en avertir votre administrateur systeme.
>
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
>
> CMG France
> **********************************************************************
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================