Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Firewall 1 NG with Safe@Office

Status
Not open for further replies.
Moss2001

Moss2001

IS-IT--Management
Aug 23, 2001
17
0
0
GB
Hi people!

Wonder if anyone has ever tried setting up a VPN between a Firewall 1 NG box and one of the small Safe@Office boxes??

We've successfully set up the VPN and communication seems ok, but intermittantly (and at random intervals) the Safe@Office box seems to drop the VPN connection without warning.

Users internal to the Safe@Office can usually still get traffic out to the internet, and even in some cases to the internal side of the remote site. But nothing seems to get back in!

It sounds to me like some sort of timeout on the VPN connection but there is nothing on the Safe@Office box to change this. We know the NG Firewalls are working ok as the same NG firewall has a VPN connection to another NG firewall in another site.

Any suggestions folks??

Cheers!

Chris.
 
Sort by date Sort by votes
What version of firmware are you using on your Sofaware box and what version of NG are you running?

This was an issue known to Checkpoint and the fix seems to be a minimum firmware of 4.5.50 and HFA 9 or above on your management server for NG AI.

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
Upvote 0 Downvote
Hi!!

Thanks for the info.. in one of the Safe@Office boxes we're running 4.5.44x, but we've got one in another site running 4.5.50 which also has the same problem.

So from what you've said, it seems the problem is related to NG-At the moment we're running NG FP2 (no AI), but the problem is that (due to cost!) we currently have no support contract with Checkpoint, and are unable to get any updates!!!

Seems they're going to have to get something sorted-I'll post the result here once we're upgraded!

Cheers for your help-very much appreciated!

Chris.


Chris Vickers
moss2001@hotmail.com
 
Upvote 0 Downvote
We have Checkpoint NG AI (R54) Cluster running 6 Site to Site VPN using the little Nokia IP40 boxes. We have supernetted the IP address ranges they are using 192.168.100.x / 255.255.255.240 and we have very few problems with the connections. We do, however, occasionaly have drop offs and these appear to be caused by Encryption errors between the remote site and Central. I have read that most of the errors we are seeing are fixed in R55 but as I need to also upgrade to IPSO 3.8 in the near future I suspect I will wait for the R55W release before I commit! Needless to say it would appear that the older the version of checkpoint, the worse the Safe@ option is!

Good Luck...
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
145
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
145
Johnkite
Johnkite
TheFireman2
  • Locked
  • Question
Help with Watchguard Firebox M200 setup as a TMG 2010 replacement with ASA 5515 as main firewall
Replies
1
Views
70
hairlessupportmonkey
hairlessupportmonkey
ISDPCMAN
  • Locked
  • Question
Cannot connect to TZ-215 Sonicwall appliance with web browser!
Replies
0
Views
51
ISDPCMAN
ISDPCMAN
Jimbo2015
  • Locked
  • Question
Avaya - Watch guard issue with keep alives
Replies
1
Views
54
hairlessupportmonkey
hairlessupportmonkey

Part and Inventory Search

Sponsor

Back
Top