Yes, it is. The NS successfully sends OPSEC messages to the FW-Management, and the FW closes the sessions and inhibits the suspicious IP.
----- Original Message ----- From: "Slighter, Tim" <[EMAIL PROTECTED]> To: "'Nelson Fernando Aranzazu'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Cc: "Agapitos Chrysochoos" <[EMAIL PROTECTED]> Sent: Monday, October 07, 2002 9:57 AM Subject: RE: [ISSForum] RealSecure OPSEC with FireWall-1 is working > If I may interject at this point please....the NS is sending SAM messages to > the firewall, is it also sending true OPSEC commands and implementing an > inhibit on a blocked connection and implementing this on the firewall ? > > -----Original Message----- > From: Nelson Fernando Aranzazu [mailto:[EMAIL PROTECTED]] > Sent: Friday, October 04, 2002 2:30 PM > To: [EMAIL PROTECTED] > Cc: Agapitos Chrysochoos > Subject: [ISSForum] RealSecure OPSEC with FireWall-1 is working > > > Right now the implementation of OPSEC between the network sensor and > FireWall-1 NG FP2 is working. > > I've followed the instructions that Agapitos Chrysochoos([EMAIL PROTECTED]) sent > me and the situation was fixed. Although the "fw sam..." command is not > working and never worked, the most important thing is the NS is sending SAM > messages to the firewall and it works. > > Thanks to everyone who sent me advices specially to Agapitos for the > document, it was helpful. > > Regards, > > ________________________ > Nelson Fernando Aranzazu > Administrador LAN-WAN > Equant - Data Center > Bogot�, Colombia. > > > ----- Original Message ----- > From: "Agapitos Chrysochoos" <[EMAIL PROTECTED]> > To: "Nelson Fernando Aranzazu" <[EMAIL PROTECTED]>; > <[EMAIL PROTECTED]> > Sent: Thursday, October 03, 2002 2:08 AM > Subject: RE: Configuring RealSecure to use OPSEC with FireWall-1 > > > > Dear Nelson, > > > > You have probably already seen a technical paper on the support site at > > iss.net. However, I have attached in case it solves the problem. > > > > I have tried it with the previous feature pack, and it worked fine. > > Unfortunately not with FP2. > > > > > > I also attach the answer from the technical site of iss on a similar > > problem: > > -------------------------------------------------------------------------- > -- > > -------------------------------------------------------------------------- > -- > > -------------------------------------- > > Attached is the document that explains how to configure RealSecure 6.0 > OPSEC > > responses. > > > > If you follow the instructions provided in the document and still seem to > be > > unable to get the response to work, it is recommended that you run some > > tests regarding SAM responses from a command line on the Check Point > > Management server. If your tests don't work from a command line, it is an > > indication that there is a Firewall configuration issue. At that point, > you > > will need to contact your Check Point Firewall support to assist you in > > resolving the firewall configuration issue. > > > > FAQ: How do I know who my Check Point Firewall Tech Support is? > > Answer: Whoever you purchased this from will provide support. > > > > To run this test: > > from /opt/CPfw1-41/bin enter the command fw sam -i src "any_ip_address" -t > > 60. > > > > This should inhibit the source IP address for 1 minute. This should show > up > > in the Firewall logs as a control action with description of SAM inhibit. > > > > This would let us know that the Firewall is properly configured allowing > us > > to concentrate on the RealSecure side of the situation. > > -------------------------------------------------------------------------- > -- > > -------------------------------------------------------------------------- > -- > > ---------------------------------------- > > > > Best of luck and hope everything works fine by now! > > > > Kind Regards, > > > > ============================================ > > Agapitos Chrysochoos > > IT Security Consultant > > > > Space Hellas S.A. > > 302, Messogion Av. > > 155 62, Athens > > Greece > > Tel. +30 106504357 > > Fax. +30 106504204 > > ============================================ > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > > Nelson Fernando Aranzazu > > Sent: Tuesday, October 01, 2002 5:10 PM > > To: [EMAIL PROTECTED] > > Subject: Configuring RealSecure to use OPSEC with FireWall-1 > > > > > > Hello, > > > > > > > > I'm trying to implement OPSEC between Network Sensor 6.5 and CheckPoint > > Firewall-1 NG FP2 (installed with backward compatibility) but it doesn't > > work. > > > > > > > > I have already configured the "fwopsec.conf" file in the firewall, applied > > the keys and configured the network sensor to use OPSEC. But when I'm > trying > > to test the SAM response executing "fw sam -t 60 -i any_ip_address" the > > firewall shows the follow message: "sam: Unexpected end of session. It > is > > possible that the SAM request for 'Inhibit src ip any_ip_address on All' > was > > not enforced." > > > > > > > > Had anybody had this kind of situation? > > > > > > > > Thanks. > > > > > > ________________________ > > Nelson Fernando Aranzazu > > Administrador LAN-WAN > > Equant - Data Center > > Bogot�, Colombia. > > > > > > > > > > _______________________________________________ > ISSforum mailing list > [EMAIL PROTECTED] > _______________________________________________ ISSforum mailing list [EMAIL PROTECTED]
