Well I'm glad you got it working. Raptor has historically been 6 months
behind the curve in updating their code to work with new OS patches,
especially with NT. I think service pack 4 was out for at least a year
before they had released version 6 to work with it, the 6.02 patch (my
mistake) did come out rather quickly after SP5 compared to the others.
Raptor makes a lot of OS modifications to NT, so who knows what is "really"
working and what isn't.

I agree that the documentation is lacking, it has always been that way, but
before Axent took over Raptor you could rely on support to help you out.
The Axent support of Raptor is seriously lacking in talent and personnel,
and can take up to a couple of days to return a phone call unless your
Firewall is down. The web site documentation isn't updated in a timely
manner, most of the configuration documents for version 6 haven't been
updated yet, even though most of the version 5 docs apply. I'm guessing
they are losing a lot of current customers because of these problems, even
though they keep promising things will get better.

As far as the terms, I take them with a grain of salt, because each
company munges them together to their own liking anyway. The term proxy
for Raptor has been kept since the earliest versions of the Firewall, when
that term was more common for transparent redirected connections. Axent
touts it as an application-level gateway even though their daemons are
called application proxies.

As far as mail relay, it is my understanding the SMTPd on Raptor doesn't
spool mail, but proxies the connections line by line, doing known attacks
and syntax checking, etc., so I don't know how store-and-forward that
really is. Adding a process like a MTA on top of that would slow it down
even further and open the Firewall up to DoS attacks, etc. (better to have
a mail server die than the firewall). I agree that should be more clearly
stated in the docs, as it seems many people attempt to use it as a relay
before figuring that it doesn't work. Most people I know of that use
Raptor use some type of internal (vs external) MTA to send and receive
their mail.

John Monahan
Network Administrator
Liberty Diversified Industries
(612) 536-6677

"Enno Rey" <[EMAIL PROTECTED]elberg.de>
To: <[EMAIL PROTECTED]>
cc: <[EMAIL PROTECTED]>
Sent by: firewalls-owner@lists.gnac.net
Subject: Re: Problems with Raptor 6/NT
01/11/00 02:10 PM

John Monahan wrote:
> Raptor is not certified with NT SP6anything, so go back to SP5+hotfixes and
> you shouldn't have any problems. They had to release a new version, 6.01,
> to work with SP5, so I'm assuming there will be another new version that
> will work with SP6a.

Now after I found the origin of my problems (see below), it works pretty
fine. /With/ SP6a and all Post-Sp6-hotfixes available end of December (and
even some handmade scripts enforcing security of NT systems, among others
see people.hp.se/stnor/hpntbast13.pdf).
BTW: Axent released patch 6.02 (I'm working with) some months ago to work
with SP5.

> Remote Log is installed with Raptor 6 in \raptor\firewall\bin on NT.

No, it is NOT installed in this location. You can find it on CD in
\additional software\axent\rlog.

> Check page 9-16 of the Raptor reference guide for more information.

Somebody stated here some time ago that Raptor documentation is not very
helpful.
It's even worse. There are LOTS of things that just don't work as described.
It's some kind of marketing paper, no technical doc.
On their web site you can't find anything. Tech support was not able to
answer evident questions (from a retrospective point of view).
My problem with outbound SMTP (see below) was solved after I searched - by
coincidence - the internet for the term 'MX rollover' (anybody here who's
able to explain what this is, or better to state in which RFC it's
described?). /THEN/ I found on Axent web site the paper I had been searching
for which described exactly my problems:
Raptor SMTP Proxy does NOT work as MX relay (again: anybody here who would
expect a 'proxy' of a store-and-forward protocol to work transparently?).
You have to configure your internal mail servers to deliver directly. That's
rather hard to find in documentation. And (even if I don't like those
sophisticated discussions about technical terms): is this a 'proxy'?
Something working transparently is no proxy. Maybe an application gateway.
And, remember, store-and-forward protocol...

[Enno Rey]
>> Is anybody here who got outbound SMTP via Raptor 6/NT (SP 6a + some patches
>> + Raptor patch 6.02) to work?
>> I tried the whole night from internal Exchange 5.5, from internal sendmail
>> 8.7.6, via direct access from Outlook, directly telnetting to port 25
>> internal interface or port 25 at MX outside the firewall, disabling ESMTP
>> on Exchange and whatever.
>> I called Axent tech support (they gave me a case number...), searched up'n
>> down the Internet.
>> I sniffed round the firewall: SMTP connections to firewall don't seem to
>> get any further than TCP handshake, but on the outside I see DNS traffic for
>> resolving MX for mail addresses from internal queue ... strange!
>> For testing purposes, I even allowed 'universe to universe SMTP' (don't
>> blame me, being desperate) - nothing!
>> Messages to internal mailers alike 'service not provided to you', logs on
>> firewall indicated something like 'x.x.x trying non-transparent access' (so
>> I enabled various forms of transparency) or 'timeout: x.x.x didn't respond
>> to startup command' (I don't know any SMTP 'startup' command, do you?).
>> I ended up with redirecting ports to mailer outside firewall. That worked.
>> But then I don't need 'high-end' SMTP-proxy. And then I have to configure
>> outside mailer to relay generously...

Enno Rey
[EMAIL PROTECTED]
PGP: FB9B DA6D 6706 5A8D A361 F63C 6650 E4C8 3BBE 04E9
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]