
Re: [FW-1] Upgrading 4.1 on WinNT to NG FP3 on Win2K




Tony,

FP3 and W2K(SP3) have an ARP problem which has been discussed in this group many times and which I have myself experienced with one
of my clients. This causes the firewall to crash and stop forwarding packets. This can be anywhere between 3 hrs to a few days but it
does happen and the only way to recover it is to kick the box in the guts by doing a full system reboot.

There are a few suggested workarounds for this problem mostly to do with a local.arp file like in WinNT. I am in the process of trying this
but until someone comes up with a sure way to solve this, I have been recommended by some security experts to stick with FP2 until
FP4 comes out sometime in 2003.

FP4 I have been advised will be mostly bug-fixes for FP3.

As for your 10 second problem, have you checked your firewall object has the external NIC as its default? This has been known to be the cause
of this particular problem...

Hope this helps !!


Vic






"Tony Jones (DMS)" <[email protected]>
Sent by: Mailing list for discussion of Firewall-1 <[email protected]>

04/12/2002 01:54 PM
Please respond to Mailing list for discussion of Firewall-1

       
        To:        [email protected]
        cc:        
        Subject:        [FW-1] Upgrading 4.1 on WinNT to NG FP3 on Win2K



Hi all,

I'm in the process of moving my Firewall (4.1 SP3 on WinNT SP6a) to a new
server running NG FP2 on Win2K SP3. The enforcement & management modules are
both running on the Firewall server.

I installed NG FP2 on the new server, ran the Status Manager & confirmed
that everything was running. The Firewall appeared under the server name
(which is NOT the same as the 4.1 server name) as I expected for a new
install. I then ran the Policy Editor & it started OK, obviously with no
rules defined.

I used the Checkpoint Upgrade utility to upgrade the objects & rulebase etc
& the upgrade seemed to go OK. I ran the Status Manager & the firewall
appeared under the Firewall object name from my 4.1 config (instead of the
new server's name, meaning that the upgrade actually did do something) with
everything indicating an "OK" status. However, when I run the policy editor
it seems to start & connect OK, but then exits within about 10 seconds. The
Log Viewer does this as well.

I have NOT run either the pre- or post-upgrade verifier. Is this likely to
help? If so, can the pre-upgrade verifier be run on the 4.1 server or does
it require NG? Any assistance would be greatly appreciated. I'd be happy if
I can only import the objects from my old config as the rulebase itself is
trivial & can be easily recreated if the objects are already defined.

Once I have FP2 running with my old objects & rulebase I intend to upgrade
to FP3. Should this be fairly trivial or are there likely to be some
"gotchas".

Thanks,

> Tony Jones ASE MCSE (NT4/2000) MCIDS
> Systems Engineer
>
>
Downs MicroSystems Pty Ltd
145 Margaret Street
Toowoomba Qld 4350
Ph. (07) 4639 3344 Fax (07) 4639 3820
