If you need the list of links related to check Point as well as to the other Information Security topics you might want to use the following Index list: http://www.rtek2000.com/Tech/InternetSecureLinks.html (updated frequently, your suggestions for new links are appreciated)
Best regards, Roman M. Zeltser, @National Computer Center DNE, RSIS -----Original Message----- From: Tam, Stephen [mailto:[EMAIL PROTECTED] Sent: Friday, February 21, 2003 5:35 PM To: 'Marco Tramacere'; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: [ISSForum] ISS Network sensor and Checkpoint NG fp3 I saw a post from CheckPoint Mail List that should answer your question. I cut-and-paste it here. ----------------------------------- -----Original Message----- From: Manuel Cabrera Silva [mailto:[EMAIL PROTECTED] Sent: Friday, February 21, 2003 10:17 AM To: [EMAIL PROTECTED] Subject: Re: [FW-1] fw sam error Hello Mick, Finally I made it work today. You need NG FP3 HF-1 (at least for my cluster configuration). In fact it must work on a default instalation. Try this: fw sam -v -s <fw object name> -D If you still have the same answer, try to reset sic communication between the module and management (caution you may lose conection). Reinitialize SIC comunication and try again. If you have a success response, then try fw sam -v -D. I hope you to have a succefull response so that you can configure Realsecure communication. In the management: fw putkey -opsec <ip realsecure net sensor> (provide a shared secret twice as requested) In the RS Sensor: opsec_putkey <ip management> (provide same secret requested before, twice again) Afeter that, from the RS Console stop and restar the sensor and that's all. (check reponses so they are directed to the management, and a good way to test it is enabling the "email debug" detection) Finally, if you are unable to get a successful response at the manual execution of sam commands from the management, think on sic_reset. This operation is risky but it can be controled ("backup you configuration first"). This might let you an unusable management and ready to use you backup. I hope this can can help you to configure your RealSecure. By the way, as you only have one module, you can configure RS to interact directly with it, replace management ip for module ip in the previous procedure, even in RS responses and it works. Manuel Cabrera CCSA. NSA. Cosapisoft -----Original Message----- From: Mick Toothaker [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 11, 2003 9:41 AM To: [EMAIL PROTECTED] Subject: [FW-1] fw sam error I am working with OPSEC suspicious activity messages (SAM), trying to get our RealSecure IDS to originate SAM and CheckPoint NG to respond to SAM. The next step I need to take is making sure that "fw sam -v -t 60 -i src <IP address>" manual methods work. Well, they are not. When I enter the address>above command at the management console, I get the following error: sam: Unexpected end of session. It is possible that the SAM request for 'Inhibit Drop Close src ip <IP addressas> on All' was not enforced. where <IP address> is a dotted decimal IP address. I found the article on the SecureKnowledge database "sk8382", but that did not make any difference, and I am not sure that article applies to my environment. VPN-1 NG FP3 (non-HF1), single enforcement point, single management console. Enforcement point: SecurePlatform, NG FP3, Second Edition (non-HF1) Management console: Windows 2000 Server, NG FP3 (non-HF1) Mick Toothaker Manager of Technology Services Fidelity Bank, Wichita, KS -----Original Message----- From: Marco Tramacere [mailto:[EMAIL PROTECTED] Sent: Friday, February 21, 2003 6:52 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: [ISSForum] ISS Network sensor and Checkpoint NG fp3 Hi, sorry to bother you, I saw your post in issforum: RealSecure Network Sensor don't reconfigure your security polici, it uses Check Point SAM Module (Suspicious Activity Monitoring), ......... the network sensor signal first it is send to the firewall management server and then it is send to the Firewall Module. I'm having trouble exacly with this configuration. I made it work with direct communication between the Network sensor and the FW Module but not via NS -> FWManagment -> FWModule. When I try to set up the communication between NS and the FWManagement The "putkey" commands succed. cp mngmt: C:\Servers\FW1\NG\bin>fw putkey -opsec -p mypass 192.168.205.10 rs ns: /opt/ISS/RealSecure6_5/opsec_putkey -p mypass 192.168.205.5 OPSEC: Received new control security key from 192.168.205.5 Authentication with 192.168.205.5 initialized In The response policy that I applied, I did define: FW manament station: 192.168.205.5 FW Module: tryed with "all" or specifying the ip of the module: 192.168.205.1 With a network sniffer I see the sam command going from the NS to the FW Mngmt but it seems that the FW management does not "proxy" the sam request to the FW module. do you have any idea ? best regards Marco _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
