I have had the same issue, and Checkpoint is no help. The doc for this from the ISS page has not been very helpful either. I have had to issue the command from my management server to the gateway in this order:
Fw sam -v -I src <IP Address> Modifying the fwopsec.conf file worked well on 4.1 but not on NG. Two calls to ISS support yielded little help. I hope someone has a real fix for this...it's a feature I really miss now that we have upgraded to NG. Thanks, Darrell -----Original Message----- From: Falck, Axel (ISS Paris) [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 02, 2002 12:19 PM To: Nelson Fernando Aranzazu; [EMAIL PROTECTED] Subject: RE: Configuring RealSecure to use OPSEC with FireWall-1 TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ---------------------------------------------------------------------------- Hello, if the command fw sam -i src "any_ip_address" -t60 doesn't works, the issue is from CheckPoint software. This command is very usefull to check the OPSEC implementation on FW. it does works event no RealSecure Installed Hope this Helps Axel FALCK -----Message d'origine----- De : Nelson Fernando Aranzazu [mailto:[EMAIL PROTECTED]] Envoy� : mardi 1 octobre 2002 16:10 � : [EMAIL PROTECTED] Objet : Configuring RealSecure to use OPSEC with FireWall-1 Hello, I'm trying to implement OPSEC between Network Sensor 6.5 and CheckPoint Firewall-1 NG FP2 (installed with backward compatibility) but it doesn't work. I have already configured the "fwopsec.conf" file in the firewall, applied the keys and configured the network sensor to use OPSEC. But when I'm trying to test the SAM response executing "fw sam -t 60 -i any_ip_address" the firewall shows the follow message: "sam: Unexpected end of session. It is possible that the SAM request for 'Inhibit src ip any_ip_address on All' was not enforced." Had anybody had this kind of situation? Thanks. ________________________ Nelson Fernando Aranzazu Administrador LAN-WAN Equant - Data Center Bogot�, Colombia. - JENKENS & GILCHRIST E-MAIL NOTICE - This transmission may be: (1) subject to the Attorney-Client Privilege, (2) an attorney work product, or (3) strictly confidential. If you are not the intended recipient of this message, you may not disclose, print, copy or disseminate this information. If you have received this in error, please reply and notify the sender (only) and delete the message. Unauthorized interception of this e-mail is a violation of federal criminal law. This communication does not reflect an intention by the sender or the sender's client or principal to conduct a transaction or make any agreement by electronic means. Nothing contained in this message or in any attachment shall satisfy the requirements for a writing, and nothing contained herein shall constitute a contract or electronic signature under the Electronic Signatures in Global and National Commerce Act, any version of the Uniform Electronic Transactions Act or any other statute governing electronic transactions. _______________________________________________ ISSforum mailing list [EMAIL PROTECTED]
