Re: [FW-1] FP3 upgrade success

[Mitchell Silver <mitchell.silver@FW1-NOSPAMANITECALCULUS.COM>]

Sorry - spelling mistake - You can't change from Simplified Mode to
Traditional Mode without creating a new security policy from scratch.

----------------------------------------------------------------------------
-------------------------------------------------------
Mitchell Silver
Network Manager
Anite Calculus Ltd
Calculus House
Tel:      +44 (0) 20 7435 0070
6 Hampstead Gate
Fax:      +44 (0) 20 7794 1199
1A Frognal
Mob:     +44 (0) 07967 094 953
London  NW3 6AL
United Kingdom
Email:mitchell.silver@anitecalculus.com
----------------------------------------------------------------------------
-------------------------------------------------------
This email is from Anite Calculus Limited.  The e-mail and any files
transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed.  If you have received
this e-mail in error please notify admin@anitecalculus.com
<mailto:admin@anitecalculus.com> or telephone
+44 (0) 20 7435 0070.
Any views expressed by an individual within this e-mail, which do not
constitute part of a legal contract,
do not necessarily reflect the views of the company.
----------------------------------------------------------------------------
-------------------------------------------------------


-----Original Message-----
From: Mitchell Silver [mailto:mitchell.silver@ANITECALCULUS.COM]
Sent: 15 October 2002 10:50
To: FW-1-MAILINGLIST@beethoven.us.checkpoint.com
Subject: Re: [FW-1] FP3 upgrade success

VPNs from NG to 4.1 firewalls don't work unless Traditional Mode is used,
and, unfortunately, you can change from Simplified Mode to Traditional Mode
without creating a new security policy from scratch

----------------------------------------------------------------------------
-------------------------------------------------------
Mitchell Silver
Network Manager
Anite Calculus Ltd
Calculus House
Tel:      +44 (0) 20 7435 0070
6 Hampstead Gate
Fax:      +44 (0) 20 7794 1199
1A Frognal
Mob:     +44 (0) 07967 094 953
London  NW3 6AL
United Kingdom
Email:mitchell.silver@anitecalculus.com
----------------------------------------------------------------------------
-------------------------------------------------------
This email is from Anite Calculus Limited.  The e-mail and any files
transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed.  If you have received
this e-mail in error please notify admin@anitecalculus.com
<mailto:admin@anitecalculus.com> or telephone
+44 (0) 20 7435 0070.
Any views expressed by an individual within this e-mail, which do not
constitute part of a legal contract,
do not necessarily reflect the views of the company.
----------------------------------------------------------------------------
-------------------------------------------------------


-----Original Message-----
From: Lars Troen [mailto:Lars.Troen@PROXYCOM.NO]
Sent: 14 October 2002 21:53
To: FW-1-MAILINGLIST@beethoven.us.checkpoint.com
Subject: Re: [FW-1] FP3 upgrade success

One other thing that has stopped working is a IKE 3DES vpn to a 4.1
firewall. It did work right after the upgrade and it worked for atleast 12
hours after the upgrade (I'm not quite sure when it stopped working). I've
tried established the vpn with new shared secrets and tried with and without
aggresive mode (on both firewalls), but to no help.

Things that stops working after a while is really annoying. :(

Lars

> -----Original Message-----
> From: Lars Troen
> Sent: Monday, October 14, 2002 09:27
> To: FW-1-MAILINGLIST@beethoven.us.checkpoint.com
> Subject: Re: [FW-1] FP3 upgrade success
>
>
> One thing I noticed now that doesn't work is local.arp. There
> have been others reporting this problem with FP2, but I had
> it working fine here on FP2. Well, now it's obviously not
> working on FP3. We're not using automatic arp, but local.arp.
> And no, Automatic arp had not been enabled during the upgrade
> like one report here (on solaris) stated.
>
> When I was talking about updates, I was mainly talking about
> updates on FW1. Both IBM and HP are pretty quick with
> releasing fixes, but Checkpoint aren't always too fast with
> releasing fixes on fw1 for these operating systems.
>
> Lars
> > -----Original Message-----
> > From: Symon Thurlow [mailto:sthurlow@WEBVEIN.COM]
> > Sent: Sunday, October 13, 2002 23:43
> > To: FW-1-MAILINGLIST@beethoven.us.checkpoint.com
> > Subject: Re: [FW-1] FP3 upgrade success
> >
> >
> > I agree,
> >
> > I ahve no problem at all using WIN32 platforms for
> > Checkpoint, if it is set up properly (hardened) I don;t see
> > that it is any worse, and like you say, MS are pretty quick
> > on bug fixes. WIndows update is an easy way to keep on top of
> > things if you are not proactive about it.
> >
> > -----Original Message-----
> > From: Lars Troen [mailto:Lars.Troen@PROXYCOM.NO]
> > Sent: 13 October 2002 21:58
> > To: FW-1-MAILINGLIST@beethoven.us.checkpoint.com
> > Subject: Re: [FW-1] FP3 upgrade success
> >
> >
> > Symon,
> > Yes, I noticed that some had experienced problems with
> > w2ksp3. That's why I kept it down on w2ksp2. It has been up
> > and running for 8 hours now and it's still up and running. :)
> >
> > Lars
> >
> > PS: The reason I continued trying to get it up and working on
> > w2k instead of choosing an alternative platform, is that many
> > of our customers prefer that the firewall is running the same
> > platform as the rest of their servers (and they have had fw1
> > running on nt 3.51, 4.0, w2k for years). Many might argue
> > that this might not be too wise, but when fw1 is up and
> > running it's usually not any worse or better on win32 than
> > other platforms. And win32 has the past few years been a
> > platform where fixes has been released more quickly than both
> > hpux and aix. I guess Solaris has always been a good platform
> > (except Solaris x86) and Linux/Secureplatform seems to be
> > taking more and more market share and seems to be something
> > Checkpoint is putting quite some effort into. IPSO might also
> > be a great alternative, but requires special hw.
> >
> > > -----Original Message-----
> > > From: Symon Thurlow [mailto:sthurlow@WEBVEIN.COM]
> > > Sent: Sunday, October 13, 2002 21:26
> > > To: FW-1-MAILINGLIST@beethoven.us.checkpoint.com
> > > Subject: Re: [FW-1] FP3 upgrade success
> > >
> > >
> > > Lars,
> > >
> > > A couple of people on this list (well, me and one other) have had
> > > problems with FP3 on WIN2K SP3 ceasing to forward packets
> > > after about 3
> > > hours or so. Be careful to check for this. No solution
> except for a
> > > reboot AFAIK.
> > >
> > > Symon
> > >
> > > ##############################################################
> > > ##########
> > > #############
> > >       Scanned for Viruses and Content and cleared by the
> > Webvein Mail
> > > Gateway
> > > ##############################################################
> > > ##########
> > > #############
> > >
> >
> > =================================================
> > To set vacation, Out Of Office, or away messages,
> > send an email to LISTSERV@lists.us.checkpoint.com
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > fw-1-owner@ts.checkpoint.com
> > =================================================
> >
> > ##############################################################
> > #######################
> >       Scanned for Viruses and Content and cleared by the
> > Webvein Mail Gateway
> > ##############################################################
> > #######################
> >
> > =================================================
> > To set vacation, Out Of Office, or away messages,
> > send an email to LISTSERV@lists.us.checkpoint.com
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > fw-1-owner@ts.checkpoint.com
> > =================================================
> >
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to LISTSERV@lists.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner@ts.checkpoint.com
> =================================================
>

=================================================
To set vacation, Out Of Office, or away messages,
send an email to LISTSERV@lists.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner@ts.checkpoint.com
=================================================

________________________________________________________________________
This e-mail has been scanned for all viruses by Star Internet. The
service is powered by MessageLabs. For more information on a proactive
anti-virus service working around the clock, around the globe, visit:
http://www.star.net.uk
________________________________________________________________________

________________________________________________________________________
This e-mail has been scanned for all viruses by Star Internet. The
service is powered by MessageLabs. For more information on a proactive
anti-virus service working around the clock, around the globe, visit:
http://www.star.net.uk
________________________________________________________________________

=================================================
To set vacation, Out Of Office, or away messages,
send an email to LISTSERV@lists.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner@ts.checkpoint.com
=================================================

________________________________________________________________________
This e-mail has been scanned for all viruses by Star Internet. The
service is powered by MessageLabs. For more information on a proactive
anti-virus service working around the clock, around the globe, visit:
http://www.star.net.uk
________________________________________________________________________

=================================================
To set vacation, Out Of Office, or away messages,
send an email to LISTSERV@lists.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner@ts.checkpoint.com
=================================================