hello,
maybe you can find all the documents on www.checkpoint.com. :)
martin
----------------------------------
Martin Peinsipp, Austria
CCSA,
IT-Security-Administrator
Hello,
Bypass nat is configured (between the VPN-Tunnel Edge-NGX). Yes, the secureclient can reach the network. Yes, the certificate exists as well. :)
I know the request is quite strange, but the customer is the king. :)
Martin
----------------------------------
Martin Peinsipp, Austria...
Hello!
I have the following issue:
Between a VPN-Edge-Box (latest firmware) and a NGX-Firewall there is a Site-to-Site-VPN configured. Behind the NGX-Firewall there is another NGX-Firewall (SecureClient VPN-Endpoint). Behind the VPN-Edge-Box there is a ClientPC. This ClientPC should...
hello,
before ssh is working, you have to configure a hostname + domain-name on the pix. then you must generate an rsa-key (and save this key).
then be sure only to access the pix with ssh-v1 (ios7 ssh-v2 works).
martin
----------------------------------
Martin Peinsipp, Austria
CCSA...
hello,
try these two:
1) leave the username-field blank
2) username: pix
martin
----------------------------------
Martin Peinsipp, Austria
CCSA,
IT-Security-Administrator
hello guys,
i got it:
clear access-list Name_of_the_ACL counters
martin
----------------------------------
Martin Peinsipp, Austria
CCSA,
IT-Security-Administrator
Hello!
Is it possible to reset the hitcount for a configured access-list without rebooting/clear xlate/whatever the PIX-Firewall?
Best regards
Martin
----------------------------------
Martin Peinsipp, Austria
CCSA,
IT-Security-Administrator
hello,
in 6.3 you have to configure each traffic which should not be natted. i know this can be a lot of work.
i read something about version 7, that in this version everything will not be natted, until you will do it...but i do not know if this really works in version 7.
check out:
Optional...
hello,
first: what you are doing for the traffic from inside to internet is not nat, it is pat. but anyway it will work.
i think in version 7 the nonat-behaviour was changed..
in 6.3 you must make a nonat-accesslist.
for example:
nat (inside) 0 access-list nonat_inside --> no nat
nat...
hello,
you only can bind one access-group to one interface.
but an access-group can handle several access-lists (as many as you want).
so you can establish different rules to one access-group. this group can be applied to one interface...
martin
----------------------------------
Martin...
hello,
@rn4it: basically you are right, but
the checkpoint "understands" voiceoverip (h323), so you do not need to enable traffic in both directions. the firewall will do this dynamically.
if h323-traffic is started in both directions, you are right.
the only thing you have to know is the...
hello,
if you configure more than one syslog-server and if you configure to log the whole stuff (debug) the pix will need more cpu-power.
i think if you use one syslog-server and log "only" the standard-stuff, there should not be a problem at all.
if you need debug-messages you can configure...
Hello!
Today i saw that the whole ms-netbios-traffic through the pix is very slow.
has somebody any ideas?
martin
----------------------------------
Martin Peinsipp, Austria
CCSA,
IT-Security-Administrator
Hello!
I am quite new in administrating a callmanager-environment. i did not find the right answer here. so i will try to post my problem.
i would like to forward our local it-support phonenumber based on a "timetable". from 9 to 5 the supportnumber should not be forwarded. after 5 o'clock, this...
i forgot the config for the vpn-client-stuff:
crypto map crypto_outside 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map crypto_outside client authentication aaa_makeit
----------------------------------
Martin Peinsipp, Austria
CCSA,
IT-Security-Administrator
hello,
with the ms-ias this should be the configuration:
aaa authentication ssh console aaa_makeit LOCAL
aaa authentication telnet console aaa_makeit LOCAL
aaa authentication http console aaa_makeit LOCAL
aaa-server aaa_makeit protocol radius
aaa-server aaa_makeit max-failed-attempts 3...
hello,
the latest version of mrtg is cacti...www.cacti.net. it is quite easy to install and to maintain..you can do all the stuff in the webbrowser...
another tool might be snmpc....then the pix can send snmp-traps to the system. there you can make some scripts..for example: if snmp-message x...
hello,
when you move the certificate to another laptop, first you must install the master-certificate (with this cert. you created the cert for the user, isn't it?) on the laptop. after that, the cert of the user will be shown in the secureclient. i had the same problem several times with new...