[Dshield] Checkpoint 4.1

Willy, Andrew AWilly at eSMIL.net
Wed Oct 6 20:58:45 GMT 2004


Thanks for your input.  I'm confident that network connectivity isn't the
issue, because the FW TOPO works, and the FW will drop or allow packets
depending on our rules in both the test and live environment.

As far as the license, perhaps this is it? Although I did install the
licenses that I can find installed on my working FW.  Also, SecuRemote is
only one method we use for VPNs; we have hardware established VPNs, and they
aren't working either. I'm focusing on SecuRemote because it's the easiest
to test and most CP users are familiar with it. Just in case, though, I'm
going to take your suggestion and look around the CP site for a specific
SecuRemote license.

TCPDump - I'm afraid I wouldn't know what to make of the captured data.  It
is a good idea but unfortunately beyond my skills.  I plan to try it,
anyway, in case there is something glaring.

Thanks again


p.s. I apologize to everyone for the signature disclaimer.  It is applied at
the mail server, and I cannot remove it without removing it for all of our
users.  If it is a large enough issue, I will resubscribe to this list with
an outside account.  

-----Original Message-----
From: Joe Matusiewicz [mailto:joem at nist.gov]
Sent: Wednesday, October 06, 2004 9:23 AM
To: General DShield Discussion List
Subject: RE: [Dshield] Checkpoint 4.1

At 02:49 PM 10/5/2004, you wrote:
>Thanks guys.  Below is the email I sent to their list, just in case a
>Checkpoint wizard lurks around DShield and is feeling generous with his/her
>expertise ..
>Good morning,
>I am not a FW1 expert. I apologize in advance if I fumble with terminology
>or leave out obviously pertinent information (obvious to an expert).

It's been a while since I worked with 4.1; it's unsupported and did need
some patches.  I'm assuming when you moved over to the new box you brought
over the ~/database, ~/conf, and Checkpoint recommended the ~/state
directories (although I can't fathom why the state directory is
needed).  Your SecuRemote woes could be something as simple as not adding a
license for SecuRemote, which is free but needed for it to work.  Natting
may also be an issue or it could be something as simple as routing.  Maybe 
there is no network connectivity between the two boxes.  A ping/traceroute 
might help in this case.  Under 4.1 the client had to point to the box that 
held the management station.  Since there is nothing in your logs, run 
tcpdump somewhere along the path between the two boxes and see what, if 
anything, is going on.

Hope this helps....

-- Joe
