Hi, RealSecure Network Sensor don't reconfigure your security policity, it uses Check POint SAM Module (Suspicious Activity Monitoring),with the purpose of blocking src dest or tcp port like if you were monitoring your current conections, and you take a blocking action in some of them. You can configure the time of the broken conection and what event to trigger it. And the answer is not, you shouldn't have the same policy in all Firewall (for this reason). But if you have one management server for all firewall module, the network sensor signal first it is send to the firewall management server and then it is send to the Firewall Module. You should have care with the src IP because it could be that you dont want blocking this src or dest or tcp session in all your Firewalls. Finally, you should have care if you have 1 Firewall Management Sever for all modules, although you can do it always measurings risks of desconecting this IP address or TCP port in all your Firewalls. Bye
-----Mensaje original----- De: as dsf [mailto:[EMAIL PROTECTED]] Enviado el: lunes, 17 de febrero de 2003 22:53 Para: [EMAIL PROTECTED] Asunto: [ISSForum] Checkpoint Firewall Reconfiguration by RealSecure (More than 1 Fw Policy file) We are currently testing ISS RealSecure solution which includes: - SiteProtector 1.2 + Network Sensors + Server Sensors - Checkpoint Management Console administering 3 Checkpoint firewall-1 with a different policy file for each one. Question: Since I am about to use the firewall reconfiguration by RealSecure IDS feature , i need to know if i should pack my 3 different policy files in just a unique one in order this feature of firewall reconfiguration actually works. Thanks __________________________________________________ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo ************************************************************ La informaci�n transmitida va dirigida �nicamente a la persona o entidad que se muestra como destinatario y puede contener datos confidenciales o privilegiados. Toda revisi�n, retransmisi�n, diseminaci�n u otro uso o acci�n al respecto por parte de personas o entidades distintas al destinatario est� prohibida. Si recibe esto por error, por favor contacte con la persona que figura como remitente y elimine el material de cualquier ordenador. ************************************************************ _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
