ISS/XForce Archives: RE: Realsecure and Firewall

Subject: RE: Realsecure and Firewall
From: Droski, Sheila (ISSTexas) (SDroskiiss.net)
Date: Tue Nov 30 1999 - 13:16:47 CST


TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
majordomoiss.net Contact issforum-owneriss.net for help with any problems!
----------------------------------------------------------------------------

Hi Sunny,
If I understand your question correctly, you have a RealSecure Network
Engine inside your firewall and want to kill a conversation where one of the
participants is outside the firewall and the other participant is inside the
firewall (otherwise the traffic would never cross the segment where the
RealSecure engine is listening).

The answer is that you don't have to open any additional ports through the
firewall. When we "kill" a connection, we send a TCP RESET packet to both
participants in the conversation. We use the same ports that they are using
to communicate, or they would ignore the RESET. The firewall must already be
allowing communication on those ports to pass, or the original conversation
wouldn't be happening...make sense? Also, keep in mind that often, different
ports will be used for each new connection and the ports used for the RESETS
will change accordingly.

The only time that I can think of that you need to open specific ports
through a firewall is if the RealSecure console is inside a firewall and the
engine is outside...then you open ports for them to communicate. The default
ports for this are in the documentation, and you can change them if you'd
like.
Hope this helps,
sheila

-----Original Message-----
From: Sunny Leung [mailto:sunnyldatalink.com.hk]
Sent: Tuesday, January 26, 1999 9:21 PM
To: issforumiss.net
Subject: Realsecure and Firewall

Dear All,
After enabling the "KILL" function on ISS Realsecure, which is behind a
Firewall (Check Point), which port(s) should I open on the Firewall to allow the
"KILL" traffic to pass through the Firewall?

Regards,
Sunny
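
A toy model of the point made in the reply above, added here as an example and not part of the original thread or of RealSecure or Check Point code: a stateful firewall passes a reset only when it carries the addresses and ports of a conversation it is already passing, and those ports change with each new connection. The class and function names, the addresses and the port numbers are constructed for illustration.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    flags: str          # TCP flags as letters: "S" SYN, "A" ACK, "R" RST

def flow_key(p: Packet) -> frozenset:
    """Direction-independent identity of a TCP conversation (both endpoints)."""
    return frozenset({(p.src, p.sport), (p.dst, p.dport)})

class StatefulFirewall:
    """Toy model: a set of permitted services plus a table of live conversations."""
    def __init__(self, services):
        self.services = set(services)   # {(server_ip, server_port)} reachable through the firewall
        self.state = set()              # flow keys of conversations already permitted

    def allows(self, p: Packet) -> bool:
        key = flow_key(p)
        if key in self.state:           # belongs to a conversation that is already passing
            if "R" in p.flags:
                self.state.discard(key) # a reset ends the conversation
            return True
        if p.flags == "S" and (p.dst, p.dport) in self.services:
            self.state.add(key)         # new conversation to a permitted service
            return True
        return False

def kill_resets(seen: Packet):
    """RSTs for an observed segment, one per participant, each carrying the
    other participant's address and port as its source."""
    return (Packet(seen.dst, seen.dport, seen.src, seen.sport, "R"),   # to the sender
            Packet(seen.src, seen.sport, seen.dst, seen.dport, "R"))   # to the receiver

def demo():
    fw = StatefulFirewall({("10.0.0.5", 80)})          # constructed rule: inside web server
    results = []
    for client_port in (40001, 40002):                 # two connections, two ephemeral ports
        fw.allows(Packet("203.0.113.9", client_port, "10.0.0.5", 80, "S"))
        seen = Packet("203.0.113.9", client_port, "10.0.0.5", 80, "A")
        to_outside, _to_inside = kill_resets(seen)     # only to_outside crosses the firewall
        wrong = to_outside._replace(dport=client_port + 1000)   # RST on ports nobody is using
        results.append((to_outside.dport, fw.allows(wrong), fw.allows(to_outside)))
    return results
```

Each tuple returned by `demo()` is the reset's destination port, whether a reset on unrelated ports was passed, and whether the reset on the conversation's own ports was passed.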



This archive was generated by hypermail 2b27 : Thu Dec 02 1999 - 20:20:54 CST