I gave up after almost a year of trying and settled on using the "Kill" feature as the best I could do...
Kevin -----Original Message----- From: Slighter, Tim [mailto:[EMAIL PROTECTED]] Sent: Friday, October 04, 2002 12:02 PM To: 'Falck, Axel (ISS Paris)'; Brooks, Darrell W.; Nelson Fernando Aranzazu; [EMAIL PROTECTED] Subject: RE: [ISSForum] RE: Configuring RealSecure to use OPSEC with FireW all-1 Aside from your recommendations. Did you meet with any success getting the network sensor to successfully generate an OPSEC command to the NG firewall ? We setup the entire design using the -ssl to ensure the OPSEC channel was being used as "Authenticated" and NOT "Authenticated with encryption". Actually, we tried it every possible way following word for word every step and instruction from all documents from Checkpoint and ISS and Phoneboy and the OPSEC still does NOT work. If you have been able to get this to work successfully and witnessing actual OPSEC events in the logs as well as actual OPSEC changes to the rules in the firewall, please share this information with the mailing list. Thank you -----Original Message----- From: Falck, Axel (ISS Paris) [mailto:[EMAIL PROTECTED]] Sent: Friday, October 04, 2002 1:02 AM To: Brooks, Darrell W.; Nelson Fernando Aranzazu; [EMAIL PROTECTED] Subject: [ISSForum] RE: Configuring RealSecure to use OPSEC with FireWall-1 Did you tried http://www.phoneboy.com And so, use the -ssl option into your fwopsec putkey command on NG. Be aware that in any case the fwopsec putkey commanbd MUST be done in FIRST on Check Point, and after on RealSecure Hope this helps Axel FALCK -----Message d'origine----- De : Brooks, Darrell W. [mailto:[EMAIL PROTECTED]] Envoy� : jeudi 3 octobre 2002 23:42 � : Falck, Axel (ISS Paris); 'Nelson Fernando Aranzazu'; '[EMAIL PROTECTED]' Objet : RE: Configuring RealSecure to use OPSEC with FireWall-1 I have had the same issue, and Checkpoint is no help. The doc for this from the ISS page has not been very helpful either. I have had to issue the command from my management server to the gateway in this order: Fw sam -v -I src <IP Address> Modifying the fwopsec.conf file worked well on 4.1 but not on NG. Two calls to ISS support yielded little help. I hope someone has a real fix for this...it's a feature I really miss now that we have upgraded to NG. Thanks, Darrell -----Original Message----- From: Falck, Axel (ISS Paris) [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 02, 2002 12:19 PM To: Nelson Fernando Aranzazu; [EMAIL PROTECTED] Subject: RE: Configuring RealSecure to use OPSEC with FireWall-1 TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ---------------------------------------------------------------------------- Hello, if the command fw sam -i src "any_ip_address" -t60 doesn't works, the issue is from CheckPoint software. This command is very usefull to check the OPSEC implementation on FW. it does works event no RealSecure Installed Hope this Helps Axel FALCK -----Message d'origine----- De : Nelson Fernando Aranzazu [mailto:[EMAIL PROTECTED]] Envoy� : mardi 1 octobre 2002 16:10 � : [EMAIL PROTECTED] Objet : Configuring RealSecure to use OPSEC with FireWall-1 Hello, I'm trying to implement OPSEC between Network Sensor 6.5 and CheckPoint Firewall-1 NG FP2 (installed with backward compatibility) but it doesn't work. I have already configured the "fwopsec.conf" file in the firewall, applied the keys and configured the network sensor to use OPSEC. But when I'm trying to test the SAM response executing "fw sam -t 60 -i any_ip_address" the firewall shows the follow message: "sam: Unexpected end of session. It is possible that the SAM request for 'Inhibit src ip any_ip_address on All' was not enforced." Had anybody had this kind of situation? Thanks. ________________________ Nelson Fernando Aranzazu Administrador LAN-WAN Equant - Data Center Bogot�, Colombia. - JENKENS & GILCHRIST E-MAIL NOTICE - This transmission may be: (1) subject to the Attorney-Client Privilege, (2) an attorney work product, or (3) strictly confidential. If you are not the intended recipient of this message, you may not disclose, print, copy or disseminate this information. If you have received this in error, please reply and notify the sender (only) and delete the message. Unauthorized interception of this e-mail is a violation of federal criminal law. This communication does not reflect an intention by the sender or the sender's client or principal to conduct a transaction or make any agreement by electronic means. Nothing contained in this message or in any attachment shall satisfy the requirements for a writing, and nothing contained herein shall constitute a contract or electronic signature under the Electronic Signatures in Global and National Commerce Act, any version of the Uniform Electronic Transactions Act or any other statute governing electronic transactions. _______________________________________________ ISSforum mailing list [EMAIL PROTECTED] _______________________________________________ ISSforum mailing list [EMAIL PROTECTED] _______________________________________________ ISSforum mailing list [EMAIL PROTECTED]
