FW: I'm facing a problem while integrating ISS - Real secure 5.0 with Checkpoint 4.1 (can any one help me)

Tue, 16 Oct 2001 07:53:30 -0700 


TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED]  Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------


> Hi,
>       
> *     I'm using an (NT 4.0 server,SP6a, IE4 and ISS Real secure 5.0) as my
> network sensor.
> *     My Checkpoint firewall is Version 4.1 and is installed on Solaris
> 2.7.
> *     My network sensor Is communicating with the Console.
> *     While I try to integrate the Checkpoint firewall with Real secure
> its not working.
> 
> First I have made the following changes in my firewall.
> 
> under $FWDIR\conf
> vi fwopsec.conf 
> 
>                       sam_server              ip              <ip address
> of my firewall>
>                       sam_server              auth_port       18183
>                       lea_server              auth_port       18184
>                       ela_proxy               auth_port       18187
>                       #ela_proxy              auth_type       ssl_opsec
> (commented out)
>                       ela_proxy               auth_type       auth_opsec
> (this line is newly added)
>                       ela_proxy               fwd_machine     <ip address
> of my Firewall>
> 
>                       # authenticated connections for servers
>                       # server       <server IP>     <service port>
> auth_opsec
>                       server        127.0.0.1         18181
> auth_opsec
>                       server        127.0.0.1         18182
> auth_opsec
> 
> sam_allow_remote_requests     yes
> 
> Under $FWDIR\bin
> 
> # fw putkey -opsec <IP addess of the real secure Network Sensor>
> password:********     
> Confirm Password:********
> 
> Then I went to Real secure Network Sensor
> 
> Under \program files\iss\realsecure5.0
> 
> >opsec_putkey <IP address of the Firewall>
> 
> * I could receive the following message
> 
>                       "OPSEC: Received new security control key from <ip
> of firewall>"
>                               "Authentication with <ip of firewall>
> initialized" 
> 
> I have configured the console global response and restored the same for
> the Network sensor
> My console shows me the attacks which are happening and the response is
> OPSEC source IP block. Sensor is also sending the request to block the
> source.
> 
> But my fire wall log is not showing me the SAM request. Also the attacker
> is not getting blocked.
> 
> 
> Can you help me in figuring out to identify and rectify the mistake?
> 
> waiting for your reply
> 
> Thanks and rgds
> Balaji T R

Reply via email to