[Dshield] Checkpoint 4.1

Joe Matusiewicz joem at nist.gov
Wed Oct 6 16:23:18 GMT 2004


At 02:49 PM 10/5/2004, you wrote:
>Thank guys.  Below is the email I sent to their list, just in case a
>Checkpoint wizard lurks around DShield and is feeling generous with his/her
>expertise ..
>
>-----------------------------
>
>Good morning,
>
>I am not a FW1 expert. I apologize in advance if I fumble with terminology
>or leave out obviously pertinent information (obvious to an expert).

It's been a while since I worked with 4.1, it's unsupported and did need 
some patches.  I'm assuming when you moved over the new box you brought 
over the ~/database, ~/conf, and Checkpoint recommended the ~/state 
directories (although I can't fathom why the state directory is 
needed).  Your SecuRemote woes could be something simple as not adding a 
license for SecuRemote, which is free but needed for it to work.  Natting 
may also be an issue or it could be something as simple as routing.  Maybe 
there is no network connectivity between the two boxes.  A ping/traceroute 
might help in this case.  Under 4.1 the client had to point to the box that 
held the management station.  Since there is nothing in your logs, run 
tcpdump somewhere along the path between the two boxes and see what, if 
anything, is going on.

Hope this helps....


-- Joe




More information about the list mailing list