Friday, August 21, 2009

firewall-wizards Digest, Vol 40, Issue 6

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. PIX in multiple IPsec roles (Dan Ritter)
2. checkpoint authentication on external interface (Francois Yang)
3. Slow FTP transfers (sky)


----------------------------------------------------------------------

Message: 1
Date: Wed, 19 Aug 2009 13:52:53 -0400
From: Dan Ritter <dsr@tao.merseine.nu>
Subject: [fw-wiz] PIX in multiple IPsec roles
To: firewall-wizards@listserv.icsalabs.com
Message-ID: <20090819175253.GZ23234@tao.merseine.nu>
Content-Type: text/plain; charset=us-ascii


Is there a plausible way to convince a PIX to pass through an
IPsec tunnel to another device while simultaneously being an
endpoint for a different tunnel?

I have sites A, B, and C. Each has a PIX515E with tunnels to the
other two sites.

Now a vendor wants to establish a tunnel to a device inside
PIX A. I seem to be lacking the right keywords to search for
this.

-dsr-


--
http://tao.merseine.nu/~dsr/eula.html is hereby incorporated by reference.
You can't defend freedom by getting rid of it.


------------------------------

Message: 2
Date: Thu, 20 Aug 2009 11:37:43 -0500
From: Francois Yang <francois.y@gmail.com>
Subject: [fw-wiz] checkpoint authentication on external interface
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<7a3963cb0908200937j1a64c06bneb713b4469dc5ff5@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

I hope the list can help me out or point me in the correct direction.

In Checkpoint R65 SPLAT, when you turn ON manual authentication, it
turns ON ports 259 and 900 on both the internal and external interfaces.
I was wondering if there's a way to turn it OFF on one interface and
still keep it on the other.
An example would be if you have an edge firewall and you don't want it
to be visible from the outside but still need it for other functions.
I tried to create a rule that would block anything from the outside to
the firewall on those ports, and that did nothing.
Looking in Tracker also showed nothing.
I can connect to the login page but I can't see any logs.
Looking through the implied rules also showed nothing.
So does anyone have any suggestions that would not kill my support contract? :)

thanks

Frank


------------------------------

Message: 3
Date: Thu, 20 Aug 2009 10:18:54 -0700
From: sky <virendra.rode@gmail.com>
Subject: [fw-wiz] Slow FTP transfers
To: firewall-wizards@listserv.icsalabs.com
Message-ID: <4A8D857E.6050401@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

Hi,

I'm having an issue when FTP'ing (default PORT mode) a large file (50 MB)
to a remote server sitting behind an FWSM. The transfer gets really slow and
at times just times out.

Now when I change the FTP mode to passive, the same file transfer works without
any issues. Why?

I have inspect ftp and the MTU is set to 1500. I've checked the duplex
settings as well, which are good.

Any thoughts will be great.

regards
sky

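The PORT-versus-PASV difference in the message above is exactly what an FTP inspection engine (the FWSM's "inspect ftp", or any stateful firewall doing the same job) has to handle: it reads the control channel, learns which side will listen for the data connection, and opens a pinhole for it. Below is an added example, written for this page and not code from the original poster or from Cisco, that parses the two relevant control-channel lines, describes the single TCP flow a firewall must allow in each mode, and refuses a PORT command that names a host other than the client (the classic FTP bounce case, which the same check also catches when NAT has mangled the address). The transcript, host addresses, and every function name here are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# FTP active mode: the client sends "PORT h1,h2,h3,h4,p1,p2" (RFC 959) and then
# listens; the server connects back from its port 20.
PORT_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.I)
# FTP passive mode: the server answers PASV with "227 ... (h1,h2,h3,h4,p1,p2)"
# and listens; the client connects out to that address and port.
PASV_RE = re.compile(r"^227\b.*?(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")


@dataclass(frozen=True)
class DataChannel:
    mode: str          # "active" or "passive"
    announced_ip: str  # address carried inside the control channel
    port: int          # TCP port carried inside the control channel
    client_ip: str     # control-channel client as seen by the firewall
    server_ip: str     # control-channel server as seen by the firewall


def _decode_hostport(groups) -> tuple:
    """Turn the six decimal fields of PORT/227 into (ip, port); port = p1*256 + p2."""
    octets = [int(g) for g in groups[:4]]
    p1, p2 = int(groups[4]), int(groups[5])
    if any(o > 255 for o in octets) or p1 > 255 or p2 > 255:
        raise ValueError("field out of range: %r" % (groups,))
    port = p1 * 256 + p2
    if port == 0:
        raise ValueError("port 0 is not a valid data port")
    return ".".join(str(o) for o in octets), port


def parse_control_line(line: str, client_ip: str, server_ip: str) -> Optional[DataChannel]:
    """Return the data channel announced by one control-channel line, or None for
    lines that set up no data connection (USER, RETR, 150 ...)."""
    m = PORT_RE.match(line)
    if m:
        ip, port = _decode_hostport(m.groups())
        return DataChannel("active", ip, port, client_ip, server_ip)
    m = PASV_RE.match(line)
    if m:
        ip, port = _decode_hostport(m.groups())
        return DataChannel("passive", ip, port, client_ip, server_ip)
    return None


def announced_address_ok(ch: DataChannel) -> bool:
    """The announced address must belong to the side that will listen.
    A PORT naming some third host is an FTP bounce attempt (or a NAT that did not
    fix up the payload); a 227 naming an address other than the server's usually
    means the server is leaking a private address from behind NAT. In both cases
    an inspection engine should refuse to open the pinhole."""
    expected = ch.client_ip if ch.mode == "active" else ch.server_ip
    return ch.announced_ip == expected


def required_flow(ch: DataChannel) -> dict:
    """Describe the one TCP connection a stateful firewall must permit.

    active:  server:20 -> client:port, initiated by the server. If nothing opens
             this inbound flow toward the client side, the data connection never
             completes and the transfer stalls, which is the asymmetry behind
             "active is slow or times out, passive works".
    passive: client:any -> server:port, initiated by the client; from the
             client's side this is an ordinary outbound connection.
    """
    if ch.mode == "active":
        return {"src_ip": ch.server_ip, "src_port": 20,
                "dst_ip": ch.announced_ip, "dst_port": ch.port,
                "initiated_by": "server"}
    return {"src_ip": ch.client_ip, "src_port": None,
            "dst_ip": ch.announced_ip, "dst_port": ch.port,
            "initiated_by": "client"}


def pinholes(lines, client_ip, server_ip):
    """Run a control-channel transcript through the checks above; return the
    flows a firewall would open and the lines it would reject."""
    opened, rejected = [], []
    for line in lines:
        ch = parse_control_line(line.rstrip("\r\n"), client_ip, server_ip)
        if ch is None:
            continue
        (opened if announced_address_ok(ch) else rejected).append(
            (line.strip(), required_flow(ch)))
    return opened, rejected


# Constructed transcript using RFC 5737 documentation addresses, not real hosts.
CLIENT, SERVER = "192.0.2.10", "203.0.113.5"
SAMPLE_TRANSCRIPT = [
    "USER anonymous",
    "PORT 192,0,2,10,195,80",                        # active: client listens on 50000
    "RETR bigfile.iso",
    "PASV",
    "227 Entering Passive Mode (203,0,113,5,4,1).",  # passive: server listens on 1025
    "PORT 198,51,100,7,0,25",                        # bounce attempt: third host, port 25
]

if __name__ == "__main__":
    opened, rejected = pinholes(SAMPLE_TRANSCRIPT, CLIENT, SERVER)
    for line, flow in opened:
        print("OPEN   ", line, "->", flow)
    for line, flow in rejected:
        print("REJECT ", line, "->", flow)
```

The practical check this suggests for the FWSM case: in active mode the server behind the FWSM must be allowed to open a connection from its port 20 out to the client's announced high port, and that is only done automatically if "inspect ftp" is actually applied to the traffic class and interface carrying the control channel. If the control channel is not inspected, or if NAT rewrites the client's address without the inspector fixing up the PORT payload, the server's connect-back is dropped or goes to the wrong address, the data channel never opens, and the client sits waiting until it times out, while passive transfers (client-initiated, outbound from the client's point of view) keep working.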
------------------------------

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


End of firewall-wizards Digest, Vol 40, Issue 6
***********************************************
