I use Raptor on Solaris rather than on NT; comments below.
On Tue, 7 Dec 1999, Jon Earle wrote:
> I'm evaluating Raptor firewall for a client, and I have to provide a
> recommendation for purchase by the beginning of next week. I personally
> prefer a homebuilt solution of using TIS FWTK plus packet filters on a unix
> box of some fashion, but that is not an option here for a variety of
> reasons (some political, some technical).
>
> I created a box running Windows NT 4.0, and I installed SP6 (installed that
> before I had the product eval in my hand). The first install blew up in my
> face - the firewall protocol didn't start, then after a reboot or two, none
> of the adapters would start. I uninstalled the product and reinstalled,
> and this time, it appeared to install correctly. I then applied the 6.0.2
> patch, without issue. (If it had blown up on me again, I'd have reinstalled
> NT with SP5, but it appears to run as it is. If there are security
> concerns with SP6 and Raptor, I'm eager to know!).
>
I do remember hearing something along the lines that SP6 and Raptor are
not certified to work together.
> All I want this box to do is allow outbound http(s), ftp, telnet and smtp
> (which will also be allowed in to an internal mail server). DNS must be
> available.
>
> Now, using the configuration guide, I set up smtp, web, ftp and dns (that
> dns proxy is UGLY! I'm tempted to rip it out and use NT DNS.) I've
> disabled the daemons except for smtpd, telnetd and dnsd.
>
AGREED. I run standard bind on my boxes. The dns proxy is fine for someone
who has no idea what dns is, but if you are used to dealing with bind it
is horrible.
> Okay, I can surf etc. There are three rules:
>
> 1. to allow outbound ftp and http access.
> 2. to allow outbound smtp access from the mail server to the universe.
> 3. to allow the universe to send smtp mail to the mail server.
>
> The problems I've found so far:
>
> 1. SMTP doesn't seem to work - it wouldn't accept me telnetting to port 25
> and issuing standard SMTP commands (HELO works, MAIL FROM: gives me a bad
> command error). This is a problem for us.
>
Check the settings of the smtp proxy; you need to tell it where your real
mail server is. Also, when you do the mail from, make sure you put the
address in <>.
> 2. I can telnet to the box from anywhere! Why is this? I've set up no rule
> to allow this! The telnetd daemon is running, but shouldn't I have to
> create a rule to allow access?
You can reach the telnet proxy; unless you have a rule in place, it will
not let you connect anywhere else.
> 3. The description for spoof protection is very vague. I thought I spoof
> protected the internal network on the external interface, but all that did
> was to prevent operations from the box to the localnet (ie: telnet to the
> internal mail server).
>
> 4. Based on #2 (and my own admitted ignorance of this product), I now have
> no confidence that services on this box are disabled until expressly enabled.
>
All proxies are running by default. I don't remember the NT GUI well
enough to tell you where to go, but there is a screen you can get to that
allows you to disable all the proxies.
> What tools can I use to perform some basic testing of this box? Where can
> I find more information (the Axent homepage appears largely devoid of
> useful information, the manuals appear to be simple "how to see the world"
> descriptions of the services and a question on testing directed at Axent
> tech support resulted in a phone message telling me "telnet to the ports")
> on how to properly configure this particular product and what to watch for?
> Advice? Tips? Etc?
>
> Thanks in advance!
> Jon
SAINT, SATAN, and other scanners are all helpful to see what the box looks
like. As there are a lot of proxies running (even though they are set not
to allow anything through), the box will look _really_ bad unless you
disable all the proxies.
David Lang