Hi all,
yet another issue regarding both Reporting Module and HTTP Resources.
I'm talking of an R55 management station on Windows and a NG FP3 module on a
Nokia, to be clear. Forgive me if I don't talk of Smartview Reporter or
Smart Center, because they aren't looking very smart. So they are Reporting
Module and Management Station.
Installed Reporting Module about a month ago. Setup went fine, logs are
consolidated through the "out-of-the-box" policy, with only slight
modifications. Didn't have any HTTP resource in place, only HTTP rules.
Well, needless to say, web activity reports came out all blank.
So I searched a bit in CP KB and other sources and found how to enable
"Enhanced URL Handling" (or something alike" in the consolidator, and turned
my HTTP outbound rule in an HTTP resource matching *, set to be "URI
Enforcement", as documentation requires.
Collect a bit of logs, and checked out my reports. They are almost fine now,
but for the server name resolution, that seems to be working randomly (if
you generate a report twice, there's no match on which names are resolved
and which are not).
BUT several users started complaining they couldn't use some cool features
anymore (expecially Microsoft-related). Don't want to blame MS for doing
things on a non-standard fashion, I just want to let users do something they
should be allowed to. Thus, I had to get rid of the HTTP Resource, somehow.
I tried setting the resource to "enhance URL Logging". It effectively logs
URLs in the log, but Reporting Module seems unable to handle those, and
reports are cominf out empty. Moreover, some of the HTTP features I
mentioned before still don't work.
Questions:
Has anybody seen this before?
Is there a way to configure an HTTP resource to let HTTP through, without
having to complain about "content disposition", "malformed request" and so
on, just to do logging compatible with Reporting Module?
Is there a way to make reports reliably show names instead of numbers? Do I
have to install a DNS Cache in front of what, the firewall module or the
management station? Who is in charge of name resolutions in reports?
Thanks a lot
NA
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
