[VPN] Checkpoint NG FP3 and Firewall Module

Carl Friedberg friedberg at comets.com
Sun May 11 16:41:31 EDT 2003

I hope you have enterprise level Checkpoint support available. Personally, I would recommend you research alternatives to NG. I personally suspect those letters really mean Not Good (quality of support, code, etc). Just my 2 cents.

I have been involved with similar types of issues (FP3 upgrade failed, thereafter the system is fundamentally unstable, can't apply FP2 paches, can't upgrade to FP3). 

I wonder if it is just the cluster with a management station that has these problems, or if they are more widespread. Interestingly enough, the FW to FW VPN seems to work well...

Have you looked into a Cisco PIX? Or, if you are technically capable, would IPTables/Netfilter (Linux) or BSD IPFilter work for you? with FreeSWAN for VPN? or CIPE?

BTW, is this a SecuRemote question? If not, you should join FirewallWizards or similar and post there; there are probably more people who are FW1 experts.


-----Original Message-----
From: Dain . [mailto:area_20%hotmail.com at fwd.com]
Sent: Friday, May 09, 2003 10:34 AM
To: vpn
Subject: [VPN] Checkpoint NG FP3 and Firewall Module

Hi all,

I have recently installed a Checkpoint cluster and a Management machine 
running NG FP3 but by accident installed the Firewall module onto the W2K 
box as well as the management clients. We only noticed this when the 
firewall wouldn't log to the admin box.
We have managed to stop the firewall process on the management PC and the 
logging now works OK. The question is, is there any way of removing the 
firewall component whilst just leaving the management clients, or do we need 
to completely re-install the box ? If we can remove the process, how would 
you recommend backing up the config ?

Thanks in advance for any light you could shed on this .....

Stay in touch with absent friends - get MSN Messenger 

VPN mailing list
VPN at lists.shmoo.com

More information about the VPN mailing list