If I may interject at this point please... the NS is sending SAM messages to the firewall; is it also sending true OPSEC commands and implementing an inhibit on a blocked connection and implementing this on the firewall?

-----Original Message-----
From: Nelson Fernando Aranzazu [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 04, 2002 2:30 PM
To: [EMAIL PROTECTED]
Cc: Agapitos Chrysochoos
Subject: [ISSForum] RealSecure OPSEC with FireWall-1 is working

Right now the implementation of OPSEC between the network sensor and FireWall-1 NG FP2 is working. I've followed the instructions that Agapitos Chrysochoos ([EMAIL PROTECTED]) sent me and the situation was fixed. Although the "fw sam..." command is not working and never worked, the most important thing is the NS is sending SAM messages to the firewall and it works.

Thanks to everyone who sent me advice, especially to Agapitos for the document; it was helpful.

Regards,
________________________
Nelson Fernando Aranzazu
Administrador LAN-WAN
Equant - Data Center
Bogotá, Colombia.

----- Original Message -----
From: "Agapitos Chrysochoos" <[EMAIL PROTECTED]>
To: "Nelson Fernando Aranzazu" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, October 03, 2002 2:08 AM
Subject: RE: Configuring RealSecure to use OPSEC with FireWall-1

> Dear Nelson,
>
> You have probably already seen a technical paper on the support site at
> iss.net. However, I have attached it in case it solves the problem.
>
> I have tried it with the previous feature pack, and it worked fine.
> Unfortunately not with FP2.
>
> I also attach the answer from the technical site of ISS on a similar
> problem:
> ----------------------------------------------------------------------
> Attached is the document that explains how to configure RealSecure 6.0 OPSEC
> responses.
>
> If you follow the instructions provided in the document and still seem to be
> unable to get the response to work, it is recommended that you run some
> tests regarding SAM responses from a command line on the Check Point
> Management server. If your tests don't work from a command line, it is an
> indication that there is a Firewall configuration issue. At that point, you
> will need to contact your Check Point Firewall support to assist you in
> resolving the firewall configuration issue.
>
> FAQ: How do I know who my Check Point Firewall Tech Support is?
> Answer: Whoever you purchased this from will provide support.
>
> To run this test:
> from /opt/CPfw1-41/bin enter the command fw sam -i src "any_ip_address" -t
> 60.
>
> This should inhibit the source IP address for 1 minute. This should show up
> in the Firewall logs as a control action with description of SAM inhibit.
>
> This would let us know that the Firewall is properly configured, allowing us
> to concentrate on the RealSecure side of the situation.
> ----------------------------------------------------------------------
>
> Best of luck and hope everything works fine by now!
>
> Kind Regards,
>
> ============================================
> Agapitos Chrysochoos
> IT Security Consultant
>
> Space Hellas S.A.
> 302, Messogion Av.
> 155 62, Athens
> Greece
> Tel. +30 106504357
> Fax. +30 106504204
> ============================================
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Nelson Fernando Aranzazu
> Sent: Tuesday, October 01, 2002 5:10 PM
> To: [EMAIL PROTECTED]
> Subject: Configuring RealSecure to use OPSEC with FireWall-1
>
> Hello,
>
> I'm trying to implement OPSEC between Network Sensor 6.5 and CheckPoint
> Firewall-1 NG FP2 (installed with backward compatibility) but it doesn't
> work.
>
> I have already configured the "fwopsec.conf" file in the firewall, applied
> the keys and configured the network sensor to use OPSEC. But when I'm trying
> to test the SAM response executing "fw sam -t 60 -i any_ip_address" the
> firewall shows the following message: "sam: Unexpected end of session. It is
> possible that the SAM request for 'Inhibit src ip any_ip_address on All' was
> not enforced."
>
> Has anybody had this kind of situation?
>
> Thanks.
>
> ________________________
> Nelson Fernando Aranzazu
> Administrador LAN-WAN
> Equant - Data Center
> Bogotá, Colombia.

_______________________________________________
ISSforum mailing list
[EMAIL PROTECTED]
