Solved

Firewall-1 - novice - Help Please...

Posted on 2001-06-14
7
171 Views
Last Modified: 2013-11-16
I have the dubious pleasure of trying to configure Checkpoint Firewall-1 on an AIX 4.3.1 box for the very first time.

I've discovered today that I cannot use the GUI as I will
need to puchase an additional license to use the X/motif client - which I'm not too happy about. I must be able to
configure from the command line...(?)

The documentation received with the media is not very helpful.

Can any kind soul out there please point me at any worthwhile books/websites which may help me in my quest.

Thanks in advance...
0
Comment
Question by:penguin1
  • 3
  • 3
7 Comments
 
LVL 11

Accepted Solution

by:
geoffryn earned 100 total points
Comment Utility
Try www.phoneboy.com  It is a good resource for FW-1.
0
 
LVL 12

Expert Comment

by:Housenet
Comment Utility
-A.I.X I can see but checkpoint was a bad idea..
-You just bought the thing correct ? Why not call the support line & explain the situation ?
0
 
LVL 5

Expert Comment

by:Droby10
Comment Utility
housenet, just curious what your aversion to checkpoint is...?
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 12

Expert Comment

by:Housenet
Comment Utility
-Droby10 to be truthfull I do not even have any personal experience with checkpoint. I have never heard anything but very bad things about it from many reliable sources...
-Crappy support, difficult to setup remote clients ..etc..
0
 
LVL 5

Expert Comment

by:Droby10
Comment Utility
hmmm...we've deployed enterprise fw-1 setups in numerous sites, and have few problems (never on aix, though...sun, nokia, and nt).

clients...? (vpn/management stations)
the vpn clients are a little fickle and occasionally we've seen the stack corrupt in nt installations...but it's rare, and we don't do that many nt installs.

the difficulty with support is that in almost all instances, verisign/checkpoint will attempt to get security/firewall technicians on site to fix the problems...and out of the technicians i know and have worked with they feel that their job is not to reconfigure a policies (that's the companies' role) but to do more of the enterprise architecture and initial installation work.  almost all of the problems they find are with incorrectly configured policies (usually because of an exasterbated rule-base).

-just my 2 cents.
0
 
LVL 12

Expert Comment

by:Housenet
Comment Utility
Droby, I value your opinion. Are you saying checkpoint is good ?
0
 
LVL 5

Expert Comment

by:Droby10
Comment Utility
imo, from a security standpoint, there's nothing better...no software firewall has the level and depth of inspection that checkpoint provides, and at the speed in which checkpoint does it...

from a configuration and bell's and whistles standpoint, there's still nothing better...although sometimes those bells and whistles add to the complexity of the beast...the downfall for most has always been finding experienced fw admins and the pricey licensing...

in relation to guantlet, pix, and netscreen; guantlet is less intuitive to use, pix has proven itself to be less of firewall and more of a packet-filter, and it seems netscreen almost matches checkpoint in terms of security, but lacks the level of configuration/options that fw-1 offers.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now