TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ----------------------------------------------------------------------------
If i am working with a Network sensor over solaris 2.6, it applies too? thanks Claudia Prada -----Originalhnaks Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Nelson Gamazo Sanchez Sent: Martes, 17 de Septiembre de 2002 02:30 p.m. To: Mokkapati Rao Venkat; Jaeger; Alex Holstead ; [EMAIL PROTECTED] Subject: RE: Network sensor TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ---------------------------------------------------------------------------- This is the answer. The ISS KB say this: When monitoring a sensor through a firewall utilizing NAT, the Console is unable to connect to the event channel for the sensor. This results from the sensor passing the wrong Event Collector IP address to the Console. You will receive an error stating that the connection attempt has timed out. This information applies to: RealSecure Network Sensor 6.0 ONLY RealSecure Server Sensor 6.0 ONLY Windows NT 4.0/2000 ONLY Fix Version: RealSecure 6.5 Related Articles: How do I configure my RealSecure 6.5 Event Collector if I am using NAT? (Answer ID# 743) WARNING!: This solution requires advanced knowledge of both RealSecure and Windows NT. Care should be taken when performing the steps below to avoid possible damage to your system. If you are unsure about any of the steps, please contact your system administrator before making these changes. To implement this workaround on Windows NT/2000 follow the instructions below. 1. Open the attached fwnat.txt file in Notepad. You will see the following at the beginning of the file: 'Please Read 'Set IP = to the IP of your EventCollector 'Set filespec to the path of your common.policy 'To stop script open Task Manager and End Process wscript.exe Option Explicit On Error Resume Next 'Settings '################################################################# Dim IP DIM filespec IP="10.10.60.111" filespec="C:\Program Files\ISS\issSensors\network_sensor_1\common.policy" '################################################################# 2. Edit the Settings section of the file to reflect the appropriate information for your installation. IP should be set to the "real" IP address of your Event Collector, and filespec should be set to the path to your sensor's common.policy. 3. Save the file, then rename it as fwnat.vbs 4. You can launch the script by double-clicking it in Windows Explorer, however, to ensure that it is always running, you will need to implement some way to launch it at system startup. You can do this by creating an AT job (NT 4.0) or a Scheduled Task (2000), or by running it as a service. Microsoft provides a utility to register applications as services in the Windows NT 4.0 and 2000 Resource Kits, available from the link below: -----Original Message----- From: Mokkapati Rao Venkat [mailto:[EMAIL PROTECTED]] Sent: Monday, September 16, 2002 10:40 PM To: 'Jaeger'; 'Alex Holstead '; ''[EMAIL PROTECTED]' ' Subject: RE: Network sensor TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ------------------------------------------------------------------------ ---- Hi, I don't think it's the problem with NAT, Cause I have used the same setup for 1 year before upgrading it to realsecure 6.5. Regards Venkat -----Original Message----- From: Jaeger [mailto:[EMAIL PROTECTED]] Sent: Monday, September 16, 2002 2:19 PM To: 'Alex Holstead '; ''[EMAIL PROTECTED]' ' Subject: AW: Network sensor Hi Alex, if you have NAT in place on your firewall, this muzs fail. Please upgrade to wgm and netsensor 6.5, which fixes this problem. BR Karl -----Originalnachricht----- Von: Alex Holstead An: '[EMAIL PROTECTED]' Gesendet: 13.09.02 12:32 Betreff: Network sensor TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ------------------------------------------------------------------------ ---- This shouldn't be rocket science I am trying to set up a Realsecure 6.00 IDS, and have the event collector and console running from a single system, trying to connect to a single network sensor outside the local firewall. The setup went very smoothly, keys are copied and there is traffic between the two systems, but the error " Error trying to connect to network sensor, connection refused. No connection could be made because the target machine actively refused it." keeps appearing. Any assistance would be most welcome. ________________________________________________________________________ This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ________________________________________________________________________ ********************************************************************** The information in this message is confidential and may be legally privileged. It is intended solely for the addressee. Access to this message by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, or distribution of the message, or any action or omission taken by you in reliance on it, is prohibited and may be unlawful. Please immediately contact the sender if you have received this message in error. ********************************************************************** --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.386 / Virus Database: 218 - Release Date: 09/09/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.386 / Virus Database: 218 - Release Date: 09/09/2002
