Search results for query: *

Sorry I dont do telephone support. I cant realy continue this post but all the information is in the post for you to solve the problem. First thing is you need to look in logs for local and remote firewall. Presumably remote firewall is managed by same management staton which makes everything...

Hi I dont think it should be a problem. Not sure how pix works with encryption so wondering if you might have to do some NAT somewhere so that the pix box sends the traffic back down the right tunnel. If its not an urgent requirement I would upgrade to NGX "as latest version as you dare"...

both, so isp redundancy fails over the vpn as configured by the tick box and then the vpn community settings take over. You need to go through and check my previous suggestions one by one eg, routing, firewalling ( not just on the firewall but dsl routers at your location and the other location...

Id like to help but its a bit complex You need to set up a test environment and play around with the settings. When i check / uncheck "Apply Settings to VPN Traffic" things do not get greyed out. You also need to check your encryption settings. What you could try doing is replace your normal...

not sure about your set up. presumably you have a normal internet link ( eg T1 ) and failing over onto dsl line. Presumable you have location A with 1 being the normal link and 2 being the dsl link. Then location B You probably should verify the following 1. there is no firewalling on the dsl...

Hi I remember in 4.1 for state sync you used to do put keys between the interfaces. So, in NG & NGX put keys have been replaced by sic. If sic failed on the member of a cluster would the state tables continue being kept up to date. Thanks "Birmingham

I wonder wether the problem really is a certificate problem. Maybe the problem is to do with how you have your objects configured for the cluster vpn. Id start off by upgrading ipso to a newer version ( there are cluster fixes in the later versions ) and apply the latest HFA ( yep - more...

I dont think it stop / starts but if you dont do a stop before doing it there is the risk you might miss something.

Quite a lengthy problem this so apologies if i missed something has said. I would try and simplify the problem so if it doesnt work with no access list on the router its not going to work with one. So suggest until you get vpn working you test it with the router with no access list. Next, I...

Isnt it a nightmare when you try and do the most straightforward of things and they go wrong. Search the nokia support site and there is the answer which involves restablishing virtual links - pretty straightforward instructions. I also had to back out the patch from one of our firewalls as we...

Hi Dave, Support for checkpoint is a nightmare. I have a similar problem with the company we use. I feel like i am often one step ahead in the book than them and if i have a problem its not that they know the answer its that they have the nokia or checkpoint database to search. By far the most...

Did you stop all the services

from the sounds of it you have the new harddrives in the old boxes so maybe you are encountering a hardware funny. If its not that try using the ipso iclid & show vrrp & show vrrp interface. I wonder if for some reason both are becoming masters and blocking each other out. Also, check the...

Hi, I am trying to configure secure client verification with secure client. The only thing i am trying to do at the moment is check a registry setting to see if their anti virus pattern file is up to date but i keep getting clients configuration is not verified. Does anyone have any experience...

Do let us know how you get on in this. I do find it frustrating how checkpoint leave us to stuggle in sorting these things out. Anyway enough of that. Are you using simplified or traditional policy? If you are using simplified try editing vpn_route.conf and adding an entry for the natted ip...

check out your smart defense settings. 998 means something in smartdefense i think

Thanks Akiwondo, Ive also found http://www.digitalmigrations.com/ with some very useful articles. Im actually doing some VPN routing now and it seems quite good. Im hoping to route between stars managed by the same management station. Hopefully that will work. Thanks David.

Go to this link: https://support.checkpoint.com/kb/public/idsearch.jsp?id=sk14617&QueryText=%28%28%3Cthesaurus%3E+secureclient+AND+%3Cthesaurus%3E+ports%29%29&resultStart=1 or if that doesnt work support.checkpoint.com and search for secureclient ports

Yep, sorry i got my version numbers messed up. In the end i solved it by substantially increasing the coldstart delay. Not sure what a typical delay should be but like you i have note 3.8 and it looks like they have made it interface with fw1 better. I think they have removed coldstart...

I think there used to be two types of license. A central license that you can attach to anything and the "local" license that you attach to the module with the ip address you are licensed for. I guess the ip addresses on w2k and nokia are the same so the next question is are you using...