CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Search:

Type: Posts; User: Jejerod

Page 1 of 2 1 2

Search: Search took 0.01 seconds.

  1. Re: Grep won't apply when running fw ctl zdebug + drop

    I can't verify that right now, but it's probably because fw ctl zdebug outputs both to STDOUT (default output) and STDERR (error channel output). Try

    fw ctl zdebug +drop 2>&1 | grep 192.168.1.1
    ...
  2. Re: Install hotfix on management console with expired mantenaince

    Technically, you should be able to export the HFA (if it is a HFA) from GAIA Portal. Also, while at least one of your Licenses is under support, you should also be able to download the CPUSE Offline...
  3. Replies
    5
    Views
    902

    Re: fsck on the next reboot in R77.30

    Yes, the output looks like there's no fsck based on time or mount count (R80 management has also count -1 and interval 0 as far as I've checked; at least R80.20/30 with Kernel 3.10).

    /Edit: to be...
  4. Re: How to get gateways to resolve external dns

    You don't. Your Gateways are not DNS resolvers. Either use local DNS resolver (usually Windows domain controller act as DNS) or configure your gateway policy to allow DNS through the firewall to...
  5. Replies
    5
    Views
    902

    Re: fsck on the next reboot in R77.30

    I'd guess tune2fs should help out here. There are two values that can trigger a fsck on boot, number of mounts and time passed without a check. To look those up:


    [Expert@cpmodule:0]# tune2fs -l...
  6. Re: How to output fw ctl zdebug + drop to a file ?

    Try .. | grep --line-buffered 'Expression' >/path/to/file , that should suppress multi line buffering by grep (and may affect performance a bit). Seems to only happen with the Check Point GNU grep...
  7. Re: How do I check the routing table through command line? In checkpoint ?

    In expert mode, as mentioned above, "ip route show" (ip r sh is enough) or, for completeness, "ip route show table all".

    When in clish, use "show route all" and, to check on policy-based routing,...
  8. Replies
    4
    Views
    848

    Re: Checkpoint RAS solutions

    You can connect to a MOB gateway with Endpoint Connect. It should be counted as Mobile VPN (Concurrent Connection License). It won't get a desktop policy etc. of course.

    The remote access client...
  9. Re: deleting Index directories in /var/log/opt/CPSmartLog-R76/data

    I would recommend deleting log files ($FWDIR/log/) until you still have logs for a time period you feel comfortable with, then deleting all smart log indexes as well as $SMARTLOGDIR/data/FetchedFiles...
  10. Replies
    6
    Views
    1,879

    Re: Hotfix and Migration tool

    If it is a Legacy Hotfix, it should still come with a UnixInstallScript. If it is a CPUSE Package, you'll need to import it via Platform Portal or clish ("installer" commands) and then apply it.

    ...
  11. Re: locally managed appliance and remote access user with certificate?

    According to sk110534 this is possible if an external CA is used (but requires a minimal version - R77.20.75 B2270).

    It is not possible with the internal CA though (sk107261).
  12. Re: SNX - Authentication failed error on ubuntu machine

    See sk115242. You'll need SNX build 800008075 for CLI login.

    Or you could try New Mobile Access Portal Agent technology, but that did not work for me.

    Hope that helps
  13. Re: ISP Circuit Change and Check Point- assistance request

    Proxy arp is not a switch you turn on or off. You need to configure proxy arp for your new IP addresses (assuming you have PA addresses, i.e. you get new public IPs when switching ISPs).

    If you...
  14. Replies
    1
    Views
    1,197

    Re: Attack: General Notice

    There's nothing wrong.

    The Gateway could not connect to https://a.tiscali.co.uk (I checked, and I can't connect to that as well) and the result is the log line you are seeing.

    Using developer...
  15. Re: Issue with Https access with checkpoint R77.30 iso on esxi 6.5

    I'm assuming a /24 net mask for your lab env.

    NOTE: You can still run the first time configuration via config_system in expert mode (config_system -t <filename>, vi <filename>, edit the required...
  16. Replies
    2
    Views
    1,397

    Re: Nat for two private IP with one public IP

    I'd say you should take a look at sk87641, as you probably want to use a "Logical Server" object for that. Round robin and connection stickyness seem to be supported, but I have no experience with...
  17. Re: werid NAT show up in SmartDashboard. is that normal?

    According to sk109013 that seems to be an issue with the SmartDashboard itself, so you'll need to open a case to get a fixed SmartDashboard.
  18. Replies
    3
    Views
    8,031

    Re: QoS einrichten bei R77.30

    Würde ich so sehen - außer das 2:1 =~ 66.7%:33.3% ist.



    Sollte es. Kleinere Gewichtung geht immer. Größere Gewichtungen in Subregeln z.b gehen nicht (...
  19. Replies
    3
    Views
    8,031

    Re: QoS einrichten bei R77.30

    Die "total weight of all rules with open Connections" ist genau das, die Menge der Gewichtung aller aktiven Verbindungen für die es QoS Regeln gibt. Eine QoS Regel spielt nur in der Gewichtung mit...
  20. Re: checkpoint VMAC address difference between R75.47 and R77.30

    Yes, this is expected behavior for version R76 and higher. See sk50840 -> (4).
  21. Re: Simplified VRRP error: delta would be too large when backup address is added to V

    VRRP transmits priorities in it's protocol. Priority is an unsigned 8-bit value, so it can only be a value between 0 and 255.
    The node with the highest priority is active and will broadcast its...
  22. Replies
    15
    Views
    4,016

    Re: Multicast Forwarding

    If you are as clueless than me when it comes to Multicast, you want to read sk100239 and enable PIM and experiment a lot (on GAIA OS, don't think anyone sane would use anything else these days).
    ...
  23. Replies
    8
    Views
    3,232

    Re: R77.30 latest jumbo hotfix not available

    It does not matter what issues are resolved with a higher HFA. If Check Point can not guarantee it will not render your setup inoperable it won't go to GA. full stop. That most certainly makes sense....
  24. Replies
    8
    Views
    3,232

    Re: R77.30 latest jumbo hotfix not available

    Of course it makes sense. Jumbo HFA with GA status are probably known to work with other hotfixes, while non-GA HFAs are not. To keep support to a manageable level Check Point gives them out once...
  25. Re: Multiple IP addresses on an interface in Ipso

    You are probably referring to sk31821. But there's no mention about migrating to CCP in the original post, nor mentioning CCP at all in my quoted post. CCP may not support alias IPs, but the post...
  26. Re: Multiple IP addresses on an interface in Ipso

    IP aliases are in GAiA since 75.40.


    fwgwcg1> show interface eth0
    state on
    [...]
    ipv4-address 10.195.34.124/16

    fwgwcg1> add interface eth0 alias 172.16.42.124/24
    fwgwcg1> show interface...
  27. Replies
    8
    Views
    2,483

    Re: IPSEC Certificate on the Gateway Expired

    It's even better to convert the timestamp to epoch, so you can just make a simple subtraction to find out how many seconds your certificate has left. Then just send a mail when that value is smaller...
  28. Replies
    4
    Views
    7,743

    Re: SIC configuration problem

    The log messages are normal for a fresh installed machine. Seeing that you didn't change the hostname from the pre-generated one: Did you run the first time configuration wizard?
  29. Re: Cron Job to automate deletion of /var/log files

    If you have smart log enabled, you'll want to do similar job for the smart log index files (found in $SMARTLOGDIR/data/).

    Also, newer releases of find have a -delete switch which is much more...
  30. Replies
    3
    Views
    2,450

    Re: are these claims true about Sandblast

    Yes, that is correct. TE/TX supports HTTP and SMTP (plus HTTPS if HTTPS inspection is enabled).

    I understand that Fortinet also supports SMB, FTP, IMAP and POP3.
    While FTP may be useful I doubt...
  31. Re: TCP State Logging - sk101221 - Need help to understand differences

    From reading the sk:



    You'll get one log entry for the SYN. If there was no connection established and the session expires due to check point's TCP timeout, you should get an extra log with TCP...
  32. Re: Searching Multiple DNS Suffixes to Resolve IP to Hostnames

    Adding searchdomains to resolv.conf does not help at all to resolve IP addresses to names. It only helps resolving short host names to IPs.

    For IP-to-host resolving you'll need access to the name...
  33. Replies
    12
    Views
    4,950

    Re: help to understand fw monitor syntax.

    Your monitor expression compares two bytes to a value. Two bytes can have a value between 0 and 65535.
    IPs starting with 111.222 are - bitwise:


    > perl -e 'printf("%08b %08b\n",111,222);'...
  34. Replies
    12
    Views
    4,950

    Re: help to understand fw monitor syntax.

    That expression should't even compile (while your example does compile, try other values).


    [Expert@cpmodule02:0]# fw monitor -e 'accept [12:2,b]=111.222;'
    monitor: getting filter (from command...
  35. Replies
    4
    Views
    1,424

    Re: disable NTP server on GAIA R75.47

    When dealing with files generated by confd, issue a "chattr +i" on the file after changes.

    See sk92379:



    This should be properly documented somewhere, as a standard "ls" will not show that...
  36. Replies
    4
    Views
    1,521

    Re: ISP uplink has a /30 network

    It is possible to use different networks for physical and cluster IP.

    So you could use RFC1918 IPs on the physical interfaces and a public IP as cluster IP. Details can be found in sk32073.
  37. Re: Cpuinfo shows only 1 core on Xeon X5260 (dual core) processor

    Just a guess, but ACPI may be disabled in BIOS or kernel options.

    I'm not sure for SPLAT, but on GAIA I'd take a look at /var/log/dmesg and /proc/acpi/processor/*/info
  38. Replies
    27
    Views
    7,324

    Re: sk93587- monitord high CPU

    Probably a simple typo.

    You'd need to start the process again to re-create the db, so the next step after rm (which should really be mv -i /var/log/db /var/log/db.`date +%s`) would be step 6.
  39. Re: Putty pscp Illegal file descriptor format error

    my bad. Escaping is necessary when under linux/unix. pscp needs unescaped '*' :)
  40. Re: Putty pscp Illegal file descriptor format error

    I'd recommend using a dedicated backup user.
    In fact, I'd recommend setting a complex long password for admin, put that in a safe location for emergencies and then use personalized accounts for fw...
  41. Replies
    4
    Views
    1,710

    Re: Content of website not shown

    Actually, in the Application Control & URL Filtering policy there's no "redirect" action. Instead there may be a "block" or "ask" action with a UserCheck item in it (for example, "blocked message")...
  42. Re: Putty pscp Illegal file descriptor format error

    The user you are using has /etc/cli.sh set as shell. SCP requires the user to have /bin/bash set as shell.

    Create a new user for that and make sure you issue "set user <username> shell /bin/bash"
  43. Replies
    1
    Views
    1,170

    Re: Correct Definition of public Internet space

    Variant 4: Define the RFC1918 as a group and negate the corresponding Cell in the policy. In the NAT policy, create a manual rule Src: RFC1918, Dst: RFC1918, No changes (= no NAT). After that rule,...
  44. Replies
    4
    Views
    1,710

    Re: Content of website not shown

    The log entry is generated by the URL Filtering (Blade). It seems Web Advertisements (Primary Category) is not blocked, but redirected to a UserCheck page (Action: Redirect, Description: Redirected...
  45. Replies
    3
    Views
    3,418

    Re: SNMP OID for dropped packet rate ?

    # grep -i dropped.*rate $CPDIR/lib/snmp/chkpnt.mib
    fwDroppedTotalRate OBJECT-TYPE
    "dropped packets rate"
    fwDroppedBytesTotalRate OBJECT-TYPE
    ...
  46. Replies
    4
    Views
    3,393

    Re: R75.47 to R77.10 Management Server Upgrade

    Backups only works for the same version, so you can't restore a 75.47 backup on a 77.10. Well, maybe you can, but the results will be unpredictable.
    Snapshots capture the whole root partition, so it...
  47. Replies
    6
    Views
    1,787

    Re: Mail alerts over TLS

    instead of the internal_sendmail way, you may want to try and use a custom script calling msmtp (at least on GAIA, /usr/sbin/sendmail is a symlink to /usr/bin/msmtp).

    You will need to specify...
  48. Re: Mobile Application Filtering and blocking Issue

    Application Control enforcement happens in two places:

    The Firewall rule set should require either an access role as source instead of a network, or the accept action needs a captive portal...
  49. Replies
    3
    Views
    1,058

    Re: Check Point 12600 LOM Installed or Not?

    This command will create a 0-byte file named lspci, the grep will fail and thus it will result in "not installed". That's not what you want.


    This command queries the PCI devices and looks for...
  50. Re: Why do you need the Mobile Access Blade when you have SSL?

    What's important here is that SSL in itself is connection security, not application security. Applications are not better off if only available over HTTPS. It just means an attacker can try to...
  51. Re: IP addresses keeps changing on R77 Gaia on Open servers

    The ID in that udev rule refers the devices' PCI Bus ID in "Domain:PCIBus:Devicenumber.Function" notation.

    So ID=="0000:02:00.0" would refer to the 2nd PCI Bus in Domain 0000, Device 0 and...
  52. Replies
    1
    Views
    1,095

    Re: Not sure why this traffic is being generated

    I'll assume the 123.63.x.x IP is from your public IP range.

    Somebody is querying Google's secondary DNS from that IP, but the Gateway never saw that request - it only saw the answer(s). As DNS...
  53. Replies
    1
    Views
    1,175

    Re: R71.4 > R75.4, Standalone > Distributed

    I'd strongly suggest you do one thing at a time - either first update, then migrate to distributed configuration, or vice versa.


    Primary


    You'll need to grab the R75.40 migration tools from...
  54. Replies
    11
    Views
    11,133

    Re: Forbidden error while accessing the Webui

    Rajizz,

    You should have a look on the web server's logs (especially /var/log/httpd2_error_log) to get more information about your problem.

    Also make sure you web server can access the files....
  55. Re: Connect primary 4200 appliance back to full ha cluster

    Did you try How to rebuild a Full HA cluster after primary member fails and backup is not available - sk61580?
  56. Replies
    4
    Views
    17,873

    Re: Reset admin CLI password in Gaia

    I tried the following on a virtual R76 and it worked:



    [Expert@fwmodule:0]# sqlite3 /config/db/initial_db
    SQLite version 3.6.20 ...
  57. Replies
    7
    Views
    2,460

    Re: can not turn GAIA from 32 to 64 bits OS

    The requirements for Gateways seem to be 6GB+ RAM. There's no such requirement mentioned for Managements. See =>sk71001. So using 64bit w/4GB RAM on a MDM is possible, but does not provide any...
  58. Replies
    3
    Views
    2,835

    Re: R76 GAIA / SmartLog

    Rebooting wouldn't help. After reboot the pppoe interface will get a new IP, forcing me to change the dynamic object again, requiring another reboot... and so on.
  59. Replies
    3
    Views
    2,835

    R76 GAIA / SmartLog

    First of all, the Forum is missing a section for SmartLog :)

    I updated my home 2205 Appliance from R75.40 to R76 recently. I'm using the pppoe interface feature and dynamic objects to connect to...
  60. Replies
    5
    Views
    2,414

    Re: Upgrade to R75.45 GAIA after R75.46 release.

    In fact, according to the R75.45 Release notes, you have to use ./UnixInstallScript, While for R76 you have to use the clish "add upgrade ..." && "upgrade local ..." commands.
    Both CLI updates...
  61. Re: Expert user is changed after upgraded to R75.40VS GAIA

    You don't have to. While the username is admin, the uid/gid is still 0, so the user is effectively root. You shouldn't modify the root user on GAIA.
    I configure cronjobs by creating a file in...
  62. Replies
    5
    Views
    2,414

    Re: Upgrade to R75.45 GAIA after R75.46 release.

    Any reason not to use the CLI upgrade method to get to R75.45?
  63. Thread: Project Gaia

    by Jejerod
    Replies
    82
    Views
    28,189

    Re: Project Gaia

    I just created a user from clish with password _((01!!@#44K12 and were able to log in on command line and webUI with that password (2205 with R75.40 GAiA+).

    The WebUI has some problems with...
  64. Thread: Project Gaia

    by Jejerod
    Replies
    82
    Views
    28,189

    Re: Project Gaia

    GAiA is the operating system and is based on RHEL5, iirc. GAiA uses /etc/shadow as password storage, so any password that works on a standard linux box will work with GAiA.
    Also:

    fw-gaia> set...
  65. Replies
    2
    Views
    3,435

    Re: GAIA R75.45 NTP server

    Technically, NTP clients running ntpd always listen on *:123. NTP uses bi-directional udp, so this is necessary.

    SPLAT did not use ntpd, but netdate/ntpdate/sntp to set the clock every few...
  66. Replies
    3
    Views
    1,624

    Re: Search a log file on the log server

    Hrm, I'd guess that fw log sends output to STDERR instead of STDOUT. So use ">/some/file 2>&1" instead of just ">/some/file"
  67. Replies
    3
    Views
    1,624

    Re: Search a log file on the log server

    If you are running R75.40, consider activating Smart Log, which will allow searching multiple logs quite fast.

    As you are probably not using R75.40, you can use "fw log" and "grep" for that....
  68. Replies
    3
    Views
    3,125

    Re: SCRIPTING ON GAIA

    While that will work too, of course, you'd have to change your scripts every time you update to another version.

    /etc/bashrc sources *.sh from /etc/profile.d, and /etc/profile.d contains CP.sh...
  69. Re: Smart Center Server Upgrade process from 70.30 to 75

    Having an extra set of hardware for preparation is much better, of course. Most of my customers like to play it cheap, however :/

    That said, I'm happy I'm preparing an R75.30 -> R75.40 upgrade...
  70. Replies
    3
    Views
    3,125

    Re: SCRIPTING ON GAIA

    Consider this cronjob (/etc/cron.d/test)


    #
    # test
    #
    * * * * * root /home/admin/bin/testcron.sh >> /var/tmp/crontest.log


    The script:
  71. Replies
    7
    Views
    2,436

    Re: UTM CLuster Smartcenter License issue

    Well, it's not only "not supported", it's violating the license agreement. Any license is allowed only on one machine.
    Also, are you sure this is working or is the eval license still in place? As...
  72. Re: Smart Center Server Upgrade process from 70.30 to 75

    It's always the same procedure, more or less.

    1. check the upgrade map to see what path to go to the version you want.
    If you want R75 (exact), you see that R70.30 can be upgraded to R75 in one...
  73. Re: performing the initial configuration using the command line interface for UTM-1

    And if you are running GAiA you can do a full configuration from expert mode using "config_system"
  74. Re: How to change remotely IP address AND Default gateway

    I didn't tried it myself so you should probably test it on a lab machine before doing it:

    clish supports transactions. you would type your commands and then issue a "commit" to apply them all at...
  75. Re: Migrating UTM 2070 HA Pair from Standalone to Dsitributed

    Going from R75 to R75.20 in one step is supported, so it SHOULD work :) But play it safe. Better safe than sorry.


    Box A will not get the policy regardless if cphastop is issued or not. At this...
  76. Re: Migrating UTM 2070 HA Pair from Standalone to Dsitributed

    Starting with B: standby, A: active you'll probably reboot B with some installation medium in place. Obviously A will stay active (attention). While installation of B takes place, no HA will be...
  77. Replies
    4
    Views
    1,632

    Re: UTM-1 450 Migration

    Licenses purchased without hardware are bound on IP addresses, either management (centralized) or gateway (local) IP.
    But Licenses that came with hardware are bound to the hardware (but must be...
  78. Re: New CP Aplliance Check Point 2200 (4xxx 21xxx..) with more powerfull CPU

    4GB

    [Expert@fwmodule]# dbget :appliance_configuration:value:/model/name
    Check Point 4200
    [Expert@fwmodule]# free -mo
    total used free shared buffers cached...
  79. Re: Migrating UTM 2070 HA Pair from Standalone to Dsitributed

    While it installs it can stay plugged in, as the HA module will not be started before the gateway receives its firewall policy (the gateway does not know about the cluster without policy). When you...
  80. Replies
    4
    Views
    1,632

    Re: UTM-1 450 Migration

    All 2012 appliances should outperform your current UTM-1 450. The 22xx series are desktop firewalls, so you should probably look at the 42xx series which can be rack mounted.


    If you want to keep...
  81. Replies
    4
    Views
    4,517

    Re: VPN Setup on UTM-1 Edge

    I'd say for an edge behind a public IP router NAT-T should be on. Make sure your edge allows this and you home internet machine allows UDP/4500. See sk84904.
    You connect probably fails because the...
  82. Re: Migrating UTM 2070 HA Pair from Standalone to Dsitributed

    What serlud said, just to make it bit clear for the unexperienced updater:


    I prefer updating/reinstalling the passive member first, to avoid a useless failover. A fresh R75.20 install, SIC...
  83. Replies
    15
    Views
    6,331

    Re: DMZ - routable or private IP addressing

    From my point of view, the key of managing security is to keep things simple.

    So.
    If you can avoid translating IP addresses, by all means do so. But that requires a full network in the DMZ. If...
  84. Replies
    8
    Views
    3,928

    Re: GAIA + Stactic Routes

    if you used "show route" or "show route all", only effective routes are shown, similar to cisco routers.

    That means if you have disabled or disconnected interfaces, those routes will not be...
  85. Re: Backup smartcenter server management - problem

    Looks like the known WinSCP vs Check Point problem to me. Try pscp.exe from PuTTY, which works for me when WinSCP does not.
  86. Replies
    3
    Views
    1,425

    Re: How to find OS version of firewall

    Usually "uname -a" or "uname -ro" (or even "cat /proc/version" on SPLAT) should tell you OS name and kernel version.

    "fw ver -k" shows FW-1 Version and FW-1 kernel version installed.
  87. Replies
    6
    Views
    1,759

    Re: How to remove closed ports?

    udp/4500 is IKE_NAT_TRAVERSAL and is allowed when "implicit rules" are active (this is why it shows as rule 0 in SmartView Tracker). If one of your VPN peers uses NAT-T, this port should be allowed....
  88. Replies
    1
    Views
    1,191

    YALI (yet another lousy introduction)

    Hello Community, or as we'd say here, Moin!

    I'm a security administrator and consultant from northern Germany. Working with Check Point products since FW-1 4.0 on Solaris; CCSA/CCSE NG/NGX...
  89. Re: Migration from R65 to R75 - internal CA DN:o=name how to change

    Did you look at sk62695 (Cannot run fwm sic_reset after changing the Security Management server's name and IP address)?



    So, yes, you have to hack the objects.C - but in a supported way....
  90. Replies
    1
    Views
    1,176

    Replacing Connectra with R75.40VE

    As some Connectra Products will go out of support end of September, I'm planning to replace them with R75.40VE (GAiA) with MAB (they will be moved to VMware, thus I selected VE/Network Mode for...
  91. Replies
    1
    Views
    1,003

    Re: location of custom queries

    You may be out of luck with this one.

    Starting from R7x (i think) SmartView Tracker stores custom queries in the management database ($FWDIR/conf/TrackerTree.C) so you'll have your queries defined...
  92. Thread: ssh timeout

    by Jejerod
    Replies
    5
    Views
    3,826

    Re: ssh timeout

    You may try something like this:

    #!/bin/sh
    #
    # resets idle value in cpshell.state
    # to default
    #

    TIMEOUT=10
    CPSTATE=/etc/cpshell/cpshell.state
  93. Replies
    1
    Views
    1,067

    Re: deleting old images/snapshots?

    [Expert@fw]# lvs
    LV VG Attr LSize Origin Snap% Move Log Copy%
    lv_current vg_splat -wi-ao 8.00G
    lv_fcd vg_splat -wi-a- 4.00G ...
  94. Re: Disk Partition Recommendations on GAiA initial setup

    GAiA usually creates a swap and LVM partition (and a very small /boot partition).


    [Expert@gaia]# fdisk -l

    Disk /dev/sda: 500.1 GB, 500107862016 bytes
    255 heads, 63 sectors/track, 60801...
  95. Replies
    4
    Views
    2,860

    Re: Console timeout

    export TMOUT=??? only works for the current session (and sub-sessions).

    For R75.40:

    To make it permanent (per-user):
    echo export TMOUT=3600 >> ~/.bashrc

    To make it permanent (globally):...
  96. Replies
    4
    Views
    2,682

    Re: v6 on Gaia - any experiences?

    Sadly, most people still ignore IPv6 even today. I run my box @home with GAiA, but not as a cluster. I'll still happily share my thoughts.


    Logging IPv6 is quite neglected. It IS logged, but...
  97. Replies
    5
    Views
    2,777

    Re: Queries on R75.3 SPLAT to R75.4 Gaia

    You are probably right on this. However, IIRC 22xx and 44xx appliances use intel 82583V GbE NICs, and intel says those are "Auto MDI, MDI-X crossover at all speeds" (see Intel® 82583V GbE Controller:...
  98. Replies
    9
    Views
    3,604

    Re: Smart-1 on VMware

    The Smart-1 appliance probably has renamed eth0 to Mgmt and basic installation would set up Mgmt to 192.168.1.1, but fails as Mgmt does not exist on your VM.
    Renaming the interface happens via...
  99. Replies
    5
    Views
    2,777

    Re: Queries on R75.3 SPLAT to R75.4 Gaia

    The Guide doesn't say you HAVE to use it. In the section for fresh installation, it just says "use eth1". Also, I've installed 44xx appliances with sync not on eth1 and it works.



    fw> show...
  100. Replies
    5
    Views
    2,080

    Re: Radius over IPSEC tunnel

    Well, your link works for me (with FF14 from both linux and windows xp boxes).

    The SK in question assumes only one line in the implied rules definition, #define enable_radius_server, which should...
Results 1 to 100 of 106
Page 1 of 2 1 2