Hi All,

Today, I found out (the unpleasant way) some interesting things about FW1 v4.1, Solaris, cpconfig, & Security Servers.

I run (you all must have this just about memorized now)

FW1 v4.1 SP1 Hotfix 41603
Sun Solaris 2.6 on Ultra1

Plus on a separate NT4.0 SP5 box:--
Websense v3.11
eSafe v2.1/99
------------------

I use the SMTP, HTTP, and FTP security servers.

I was playing with $FWDIR/bin/cpconfig today -- which I shouldn't because I always blow something up. I only wanted to remove some old listing for Administrators. I responded "yes" to restarting "fw" to enforce my changes once I was done. Big mistake. Doing so killed all my security servers. Running "ps -ef | grep ftp" would not display any ftp process (in.aftpd is the fw1 FTP security server). Nor would any of the other security servers appear.

Re-running cpconfig to monkey with them, I find -- to my horror -- that 'Security Servers' is no longer a menu option! This is because v4.1 auto-spawns them if you use them in a policy rule. I am/was! So why didn't they start? No idea. (NOTE: It may behave like this in 4.0. I never checked)

The only way I could get them to respawn was to reboot my Sun box. Sure enough, after rebooting "ps -ef" would show that none of the security server daemons were running. Once I enabled my rules which had security servers listed in my policy, they all show up with the "ps -ef" command. Interesting, no?

Some other tidbits of FW1:

$FWDIR/conf/product.conf has some settings which tell FW1 to use the security servers. I was told that this is done with "Auth=1". Perhaps this is only for one of them (?)

$FWDIR/conf/fwauthd.conf lists what security server, and at what port, to listen to. I wonder if you can set up an additional one for HTTP at port 8080 -- or other non-standard, but used, HTTP ports? Anyone try this?

Thanks
-- Chris
