TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
Hi,
I am experiencing some problems trying to get RealSecure to talk to a
Checkpoint FW-1 4.1 via OPSEC in a test environment. The Realsecure console
and network engine are on the same (NT) computer. The Firewall-1 GUI,
management station and firewall engine are also on one NT host.
I am basically following the steps described in the "Using RealSecure to
Configure Check Point FireWall-1" tech note.
The FW PUTKEY on the FW-1 appears to be successful, as is the opsec_putkey
on the RealSecure machine:
C:\Program Files\ISS\RealSecure 3.2>opsec_putkey 10.0.0.1
Enter secret key:
Again secret key:
OPSEC: Received new control security key from 10.0.0.1
Authentication with 10.0.0.1 initialized
However, as soon as the Realsecure detects an attack and it is supposed to
undertake an OPSEC action, I get a "SamSendAction Failed to send action for
host ..." high priority message on the console.
I have followed the troubleshooting/debugging steps described in the tech
note (starting the network engine from a command prompt) and there seems to
be an OPSEC related problem. When I start the network engine from the
command prompt and set the debugging level to 3, I get:
C:\Program Files\ISS\RealSecure 3.2>network_engine.exe
Reloaded The General Configurations for the Engine.
RealSecure Starting. Product Version '3.2.1999.350'
error in opsec_connect
Reloading user defined strings into finders.
Opening Adapter "[1] Compaq Netelligent 10/100 TX PCI UTP Network Adapter".
Using driver version "3.1.1999.124".
When the RealSecure is supposed to be contacting the FW-1, I get:
Send Firewall request: 172.20.8.1
SamSendAction Failed to send action for host: 172.20.8.1
Send Firewall request: 172.20.8.1
SamSendAction Failed to send action for host: 172.20.8.1
I did't capture any network traffic between the RealSecure box and the FW-1.
As described in the tech note, I rebooted the FW-1 to make sure (also
rebooted the RealSecure), but to no avail.
Any help on this would be greatly appreciated.
Also, I am thinking about reinstalling the TCP/IP protocol on the RealSecure
machine and reapplying an NT service pack, but I don't know if the
RealSecure installation has modified anything to the NT TCP/IP stack that
will be broken by a protocol reinstall...
-Regards,
Filip
