WebTrends FW Report

2001-11-15 Thread Julien Maillet
Hi everybody, I use WebTrends FireWall Suite to create Web reports. The log files are generated by my firewall (CheckPoint FW1) in a binary format. I must export the log files to use them. But the export operation is very, very long (1 hour for 1%). The command line under a DOS window is: fw

RE: PIX 515 question

2001-11-15 Thread Johnston Mark
Hi, First thing that you need to check is your security levels. I am most definitely assuming that your internal is a greater value than the DMZ. This can be checked by typing sh nameif. Traffic is allowed by default from a higher value to a lower (Eg. 100 -- 25)

RE: PIX 515 question

2001-11-15 Thread Daniel Crichton
On 15 Nov 2001 at 10:11, Johnston Mark wrote: Another thing to check is that you are actually connecting to the right IP address; this makes a difference if you use non-routable IPs in your DMZ. Let's say that you connect to www.test.com; doing an nslookup might reveal the legal IP (Eg.

RE: PIX 515 question

2001-11-15 Thread Kent Hundley
Frederic, You're a little sparse on details like IOS version, NAT setup, etc., but there's no reason that what you want to do cannot be done. There are examples of what you're trying to do with and without NAT on the Cisco web site (watch the wrap):

Static routes with PIX

2001-11-15 Thread Scott Pendergast
Greetings! I have a case where I want the PIX to forward traffic destined for a particular network to a router interface on the same DMZ the PIX receives this traffic on, i.e., the DMZ interface for the PIX is the default gateway for all hosts on that DMZ. Most traffic goes on to the PIX's

Re: Static routes with PIX

2001-11-15 Thread black
The PIX will not send traffic back out the same interface it received it on; it is considered a security issue. I ran into the same problem a year ago. A solution would be to place a router in the DMZ, and have all hosts point to that. Anything not staying in the DMZ would then be routed to the

RE: Static routes with PIX

2001-11-15 Thread Scott Pendergast
That would certainly explain what I've seen... Thanks! Scott -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 15, 2001 10:31 AM To: Scott Pendergast Cc: '[EMAIL PROTECTED]' Subject: Re: Static routes with PIX The pix will not send traffic

RE: PIX 515 question (Thank you)

2001-11-15 Thread Frédéric Médery
It was my first question to the ML, Thank you very much for the great input !! F ___ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls

Re: Securemote and Satellite Broadband

2001-11-15 Thread ragu nandan
Hi I have a user who has a broadband (satellite) modem and a standard modem link for downloads and uploads. When he enables his broadband, Securemote fails (he cannot even create a site). When he disables broadband, it works fine with standard modem. The user says everything worked fine until

RSA/ACE server and Nortel VPNS

2001-11-15 Thread Websurfingrl
Hi, I am implementing VPNs using Nortel Contivity, and integrating with RSA Ace server. I have most of the ground work done, but now I need to come up with something for all of my support people and end users to help get them through all of this. I don't believe in re-inventing the wheel, just

RE: WebTrends FW Report

2001-11-15 Thread Carl E. Mankinen
Highly recommended that you rotate your FW-1 log files via fw logswitch. If your log is so large that it is taking that long, I am surprised you aren't having other problems with your FW1 log server. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of

RE: Static routes with PIX

2001-11-15 Thread bob bobing
The cheap way would be to add static routes on the servers in the DMZ, and document it. --- Scott Pendergast [EMAIL PROTECTED] wrote: That would certainly explain what I've seen... Thanks! Scott -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent:

Cisco Security Advisory: IOS ARP Table Overwrite Vulnerability

2001-11-15 Thread Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS ARP Table Overwrite Vulnerability. Revision 1.0. For Release 2001 November 15 08:00 AM US/Pacific (UTC -0700)

Firewalling for ISPs

2001-11-15 Thread Wil Cooley
Almost all of the firewall designs I've read about focus on enterprise networks, which usually includes the internal, corporate network, and a DMZ for external services. Unfortunately, for an ISP, this isn't entirely adequate, since almost all services are external and so almost all hosts in the

RE: Configuring PIX via TCP/IP Connection?

2001-11-15 Thread Some Wone
Hello Everyone, See http://www.cisco.com/warp/public/707/advisory.html for Cisco security bug vulnerabilities. Please note that the SSH that runs on a Cisco internetworking device (all) is NOT the same as on a conventional OS so not all vulnerabilities will apply. Thanks, s

Re: Specific vulnerabilities

2001-11-15 Thread Mike Hoskins
That being said, they are generally a reasonable lot and would be willing to change if it was shown that there was a credible security risk. The problem is I cannot seem to locate any specific vulnerabilities which are opened by allowing traffic over ports 135, 1026 (for authentication)

Re: Boardwatch article on Virtual Firewalls / Virtual Data Center

2001-11-15 Thread Bernd Eckenfels
On Wed, Nov 14, 2001 at 12:52:29AM -0800, [EMAIL PROTECTED] wrote: All very true, but it does nothing to effect the topology change we want, where a single large DMZ subnet becomes *instead* a bunch of small subnets with firewall filtering between them. My understanding of a guy I talked

Re: PIX 515 question

2001-11-15 Thread Brian Ford
Frederic, Regarding: I Know that I can open port 80 from the lan to the DMZ instead of trying to go to internet to get to the DMZ web server but I'd like to understand why it's not possible. The PIX is a very simple packet forwarder. When a packet arrives at the LAN interface from the inside

Re: Boardwatch article on Virtual Firewalls / Virtual Data Center

2001-11-15 Thread Gregory D. Rosenberg
You are correct, that is exactly how we deploy our Cisco switches. At 11/15/2001 03:46 PM, Bernd Eckenfels wrote: On Wed, Nov 14, 2001 at 12:52:29AM -0800, [EMAIL PROTECTED] wrote: All very true, but it does nothing to effect the topology change we want, where a single large DMZ subnet

Re: WebTrends FW Report

2001-11-15 Thread Darryl Luff
Add the -n switch to disable name lookups: fw logexport -n -d ; -i fw.log -o [log_path]\fw.log This speeds it up greatly. If it's still too long, do a fw logswitch regularly. Darryl Luff [EMAIL PROTECTED] From: Julien Maillet [EMAIL PROTECTED] I use WebTrends FireWall Suite to create

Re: PIX 515 question

2001-11-15 Thread bob bobing
Can you give a little more info? This sounds like a DNS issue. Can you hit the real IP of the webserver (not the NAT IP)? Also, what is logged when you try? If so, what is the hostname.domain for the site from the internet, and what is it for the internal network? Message: 7 From:

Re: SunScreen Lite 3.1 as host based FW, and

2001-11-15 Thread Valerie Anne Bubb
From: Oscar D. Knight [EMAIL PROTECTED] Hello All, I would like to use SunScreen Lite as a host-based FW, i.e. I only want to protect the host that SunScreen Lite will be installed on. I'm protecting a server, E220R running Solaris 8 7/01. Does anyone think this

Fw: Error Condition Re: Re: WebTrends FW Report

2001-11-15 Thread Darryl Luff
Hmm. Had to rephrase the message to remove 'add' from the first line. Hopefully 'Hmm' isn't a listproc command word! From: Darryl Luff [EMAIL PROTECTED] To: Julien Maillet [EMAIL PROTECTED] Cc: firewall [EMAIL PROTECTED] Add the -n switch to disable name lookups: fw logexport -n -d ; -i

ipchains: what does this log mean??

2001-11-15 Thread Stan Kaufman
I'm using a Debian woody box (kernel 2.2.17) for a firewall following the Serious Example in the ipchains howto (I've previously posted details about this here: http://lists.debian.org/debian-firewall/2001/debian-firewall-200108/msg4.html). I'm using kernel 2.2.17. Things have been stable

RE: Configuring PIX via TCP/IP Connection?

2001-11-15 Thread Reckhard, Tobias
Hi, See http://www.cisco.com/warp/public/707/advisory.html for Cisco security bug vulnerabilities. Please note that the SSH that runs on a Cisco internetworking device (all) is NOT the same as on a conventional OS so not all vulnerabilities will apply. I know about those

RE: ipchains: what does this log mean??

2001-11-15 Thread Reckhard, Tobias
Nov 14 08:43:42 fwbox kernel: Packet log: ext-if DENY lo PROTO=1 x.y.z.a:3 x.y.z.a:1 L=100 S=0xD0 I=157 F=0x T=255 (#1) ... This stuff ricochets on the loopback lo with a 'destination-unreachable' ICMP packet as the source protocol and an 'unassigned' ICMP packet (type 1) as the