You can actually add these firewall parameters to the root files used for builds. You need to create a "custom version" of RSDP on Site Protector. This is done by taking a version ISS hands down, and modifing the base files located in the:
(DRIVE)\Program Files\ISS\RealSecure SiteProtector\Desktop Controller\versions\ ...folder. This folder contains all the versions and raw files that Site Protector uses to create agent builds (and push down updates to clients). Create a copy of the version you want to modify and rename the directory (I usually call it something like 7.0ebo-1) Then modify the firewall.ini file in the "Blackd" directory to include the parameters you want. You can also use this tactic to modify the issuelist.csv. BUT - keep in mind, when ISS hands down a new version, you'll have to manually move your changes over to te new version (or a copy of the new version). Once you get a feel for the parameters and files, is actually pretty easy to do. Oh, and remember to stop and restart your desktop controller after you have added your new custom version. ___________________________________ Andrew Plato, CISSP President/Principal Consultant Anitian Enterprise Security -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sergey V Soldatov Sent: September 07, 2004 3:10 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: [ISSForum] Advanced firewall parameters of Desktop Protector viaSiteProtector console Good day. I've found that not all parameters that are available for configuration through configuration files (frewall.ini, blackice.ini) can be configured via SiteProtector Console. All available configuration parameters could be found in "Real Secure Agent Advanced Administration Guide v. 7.0", file is called BI-AAG_70.pdf. So, the question is how I can edit the following parameters from SiteProtector console: tunnel.udp.maxpendingtime tunnel.udp.subnetmask auto-blocking.timeout tunnel.simple that are not available from SP console. Of course, I can edit configuration files, but it's not convenient when number of Desktop agents about 1000! Thanks. --- Best regards, Sergey V. Soldatov. tel/fax +7 095 745 89 50 (2663) _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328. _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
