Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] Migrating to NG management - anti-spoofing problems

To: [email protected]
Subject: [FW-1] Migrating to NG management - anti-spoofing problems
From: Torkel Mathisen <[email protected]>
Date: Mon, 20 Jan 2003 12:00:23 +0100
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

(My environment is Provider-1, but the problem is relating to FW-1 in
general.)

I recently migrated one of our 4.1 CMAs to a NG FP3 CMA. It was a total
of 17 firewalls in that CMA. The migration went fairly ok I think, so
thats not the problem.

The problem is relating to anti-spoofing and VPN encryption domain.

You see; I also have a NG FP3 modules on this CMA, and since none of our
4.1 modules have any anti-spoofing we can't install policy on the NG FP3
module. All our 4.1 modules is set as "Undefined" in Topology and the
VPN Domain is set to "All IP Addresses behind Gateway baseed on Topology
information".

When I have this I get the following message when I try to install on the
NG FP3 module:

Security Policy verification warnings:
No VPN Domain is defined for object "4.1 fwname".
Topology of the interfaces for object "4. 1 fwname" is not defined,
therefore, the VPN domain for "4.1 fwname" cannot be defined as
"All IPs behind Gateway"
Failed to generate Security Policy script fro rulebase

So basically I can't install rulebase on my NG FP3 module because my 4.1
modules doesn't have anti-spoofing.

Anyway I can fix this?

I don't even use any VPN in these modules and yet I have to define VPN
domain?

And why does all modules have to have "VPN-1 Pro" enables even though I
don't use any VPN?

Any advise would be appreciated.

Regards,
Torkel

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] Migrating to NG management - anti-spoofing problems
  - From: Tomas Norum <[email protected]>

Prev by Date: Re: [FW-1] anyone dhcp relay success?
Next by Date: [FW-1] Secure Client as a personal firewall
Previous by thread: Re: [FW-1] NG FP2 to SofaWare VPN
Next by thread: Re: [FW-1] Migrating to NG management - anti-spoofing problems
Index(es):
- Date
- Thread