Would it be possible to share any of the configuration cookbooks with anyone
?

-----Original Message-----
From: Nelson Fernando Aranzazu [mailto:fernando.aranzazueqnt.com]
Sent: Monday, October 07, 2002 10:21 AM
To: Slighter, Tim; issforumiss.net
Cc: Agapitos Chrysochoos
Subject: Re: [ISSForum] RealSecure OPSEC with FireWall-1 is working

Yes, it is. The NS successfully sends OPSEC messages to the FW-Management,
and the FW closes the sessions and inhibits the suspicious IP.

----- Original Message -----
From: "Slighter, Tim" <tslighteritc.nrcs.usda.gov>
To: "'Nelson Fernando Aranzazu'" <fernando.aranzazueqnt.com>;
<issforumiss.net>
Cc: "Agapitos Chrysochoos" <achrspace.gr>
Sent: Monday, October 07, 2002 9:57 AM
Subject: RE: [ISSForum] RealSecure OPSEC with FireWall-1 is working

> If I may interject at this point please....the NS is sending SAM messages
to
> the firewall, is it also sending true OPSEC commands and implementing an
> inhibit on a blocked connection and implementing this on the firewall ?
>
> -----Original Message-----
> From: Nelson Fernando Aranzazu [mailto:fernando.aranzazueqnt.com]
> Sent: Friday, October 04, 2002 2:30 PM
> To: issforumiss.net
> Cc: Agapitos Chrysochoos
> Subject: [ISSForum] RealSecure OPSEC with FireWall-1 is working
>
>
> Right now the implementation of OPSEC between the network sensor and
> FireWall-1 NG FP2 is working.
>
> I've followed the instructions that Agapitos Chrysochoos(achrspace.gr)
sent
> me and the situation was fixed. Although the "fw sam..." command is not
> working and never worked, the most important thing is the NS is sending
SAM
> messages to the firewall and it works.
>
> Thanks to everyone who sent me advices specially to Agapitos for the
> document, it was helpful.
>
> Regards,
>
> ________________________
> Nelson Fernando Aranzazu
> Administrador LAN-WAN
> Equant - Data Center
> Bogotá, Colombia.
>
>
> ----- Original Message -----
> From: "Agapitos Chrysochoos" <achrspace.gr>
> To: "Nelson Fernando Aranzazu" <fernando.aranzazueqnt.com>;
> <owner-issforumiss.net>
> Sent: Thursday, October 03, 2002 2:08 AM
> Subject: RE: Configuring RealSecure to use OPSEC with FireWall-1
>
>
> > Dear Nelson,
> >
> > You have probably already seen a technical paper on the support site at
> > iss.net. However, I have attached in case it solves the problem.
> >
> > I have tried it with the previous feature pack, and it worked fine.
> > Unfortunately not with FP2.
> >
> >
> > I also attach the answer from the technical site of iss on a similar
> > problem:
>
> --------------------------------------------------------------------------
> --
>
> --------------------------------------------------------------------------
> --
> > --------------------------------------
> > Attached is the document that explains how to configure RealSecure 6.0
> OPSEC
> > responses.
> >
> > If you follow the instructions provided in the document and still seem
to
> be
> > unable to get the response to work, it is recommended that you run some
> > tests regarding SAM responses from a command line on the Check Point
> > Management server. If your tests don't work from a command line, it is
an
> > indication that there is a Firewall configuration issue. At that point,
> you
> > will need to contact your Check Point Firewall support to assist you in
> > resolving the firewall configuration issue.
> >
> > FAQ: How do I know who my Check Point Firewall Tech Support is?
> > Answer: Whoever you purchased this from will provide support.
> >
> > To run this test:
> > from /opt/CPfw1-41/bin enter the command fw sam -i src
"any_ip_address" -t
> > 60.
> >
> > This should inhibit the source IP address for 1 minute. This should show
> up
> > in the Firewall logs as a control action with description of SAM
inhibit.
> >
> > This would let us know that the Firewall is properly configured allowing
> us
> > to concentrate on the RealSecure side of the situation.
>
> --------------------------------------------------------------------------
> --
>
> --------------------------------------------------------------------------
> --
> > ----------------------------------------
> >
> > Best of luck and hope everything works fine by now!
> >
> > Kind Regards,
> >
> > ============================================
> > Agapitos Chrysochoos
> > IT Security Consultant
> >
> > Space Hellas S.A.
> > 302, Messogion Av.
> > 155 62, Athens
> > Greece
> > Tel. +30 106504357
> > Fax. +30 106504204
> > ============================================
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > -----Original Message-----
> > From: owner-issforumiss.net [mailto:owner-issforumiss.net]On Behalf Of
> > Nelson Fernando Aranzazu
> > Sent: Tuesday, October 01, 2002 5:10 PM
> > To: issforumiss.net
> > Subject: Configuring RealSecure to use OPSEC with FireWall-1
> >
> >
> > Hello,
> >
> >
> >
> > I'm trying to implement OPSEC between Network Sensor 6.5 and CheckPoint
> > Firewall-1 NG FP2 (installed with backward compatibility) but it doesn't
> > work.
> >
> >
> >
> > I have already configured the "fwopsec.conf" file in the firewall,
applied
> > the keys and configured the network sensor to use OPSEC. But when I'm
> trying
> > to test the SAM response executing "fw sam -t 60 -i any_ip_address"
the
> > firewall shows the follow message: "sam: Unexpected end of session.
It
> is
> > possible that the SAM request for 'Inhibit src ip any_ip_address on All'
> was
> > not enforced."
> >
> >
> >
> > Had anybody had this kind of situation?
> >
> >
> >
> > Thanks.
> >
> >
> > ________________________
> > Nelson Fernando Aranzazu
> > Administrador LAN-WAN
> > Equant - Data Center
> > Bogotá, Colombia.
> >
> >
> >
> >
>
> _______________________________________________
> ISSforum mailing list
> ISSforumiss.net
>
_______________________________________________
ISSforum mailing list
ISSforumiss.net

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]