Firewall-1

[FW-1] R55 and ISS RealSecure 7.0.

Subject: [FW-1] R55 and ISS RealSecure 7.0.
From: "O'Flynn, Derek" <DOFlyn AT LSUHSC DOT EDU>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Tue, 28 Jun 2005 14:20:57 -0500
Anyone have their RealSecure sensor sending SAM requests to a CheckPoint R55
Management which handles a cluster?

I did the following already.
fw putkey -opsec x.x.x.x for my IDS sensor
opsec_putkey -port fw x.x.x.x for my SmartCenter management

Successful authentication

Tested sending a SAM request in SmartView Monitor to my modules for notify;
this worked.
Set up response for OPSEC for notify.
Set up a rule to use OPSEC.

I see the following error messages in the log on my IDS module.
Jun 28 13:54:12 ids_1 ISS[4301]: (network_sensor_1) - send_sam_action( 4, 2, FW_Cluster, 2, 0, 0x0, 0x0, 0, 6 )
Jun 28 13:54:12 ids_1 rsopsecd[4302]: rsopsec_sam_session::sam_ack_event SAM_MODULE_FAILED FW_1 0/2
Jun 28 13:54:12 ids_1 rsopsecd[4302]: rsopsec_sam_session::sam_ack_event SAM_MODULE_FAILED FW_2 1/2
Jun 28 13:54:13 ids_1 ISS[4301]: (network_sensor_1) - send_sam_action( 4, 2, FW_Cluster, 2, 0, 0x0, 0x0, 0, 6 )
Jun 28 13:54:13 ids_1 rsopsecd[4302]: rsopsec_sam_session::sam_ack_event SAM_MODULE_FAILED FW_1 0/2
Jun 28 13:54:13 ids_1 rsopsecd[4302]: rsopsec_sam_session::sam_ack_event SAM_MODULE_FAILED FW_2 1/2
Jun 28 13:54:13 ids_1 ISS[4301]: (network_sensor_1) - send_sam_action( 4, 2, FW_Cluster, 2, 0, 0x0, 0x0, 0, 6 )
Jun 28 13:54:13 ids_1 rsopsecd[4302]: rsopsec_sam_session::sam_ack_event SAM_MODULE_FAILED FW_1 0/2
Jun 28 13:54:13 ids_1 rsopsecd[4302]: rsopsec_sam_session::sam_ack_event SAM_MODULE_FAILED FW_2 1/2
Jun 28 13:54:14 ids_1 ISS[4301]: (network_sensor_1) - send_sam_action( 4, 2, FW_Cluster, 2, 0, 0x0, 0x0, 0, 6 )
Jun 28 13:54:14 ids_1 rsopsecd[4302]: rsopsec_sam_session::sam_ack_event SAM_MODULE_FAILED FW_1 0/2
Jun 28 13:54:14 ids_1 rsopsecd[4302]: rsopsec_sam_session::sam_ack_event SAM_MODULE_FAILED FW_2 1/2

Tracker logs don't show anything.  But I'm concerned about the 0x0, 0x0,
which I believe is any,any in a SAM request. How come I do not see the
source of the attacker?  Anything I need to do on the SmartCenter to allow
the commands to pass?

Derek O'Flynn
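
A triage script for the sensor log quoted in the post, added here as an example and not part of the original message: it rejoins the mail-wrapped syslog lines, attaches each sam_ack_event to the send_sam_action before it, and counts SAM_MODULE_FAILED acks per module. The post does not document the send_sam_action argument layout, so the script only reports whether the hex fields are zero (what the poster believes means any,any); the function names and the sample input are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the format of the post's sensor log, wrapped at the
# same points where the mail client wrapped the original lines.
SAMPLE = """\
Jun 28 13:54:12 ids_1 ISS[4301]: (network_sensor_1) - send_sam_action( 4, 2,
FW_Cluster, 2, 0, 0x0, 0x0, 0, 6 )
Jun 28 13:54:12 ids_1 rsopsecd[4302]: rsopsec_sam_session::sam_ack_event
SAM_MODULE_FAILED FW_1 0/2
Jun 28 13:54:12 ids_1 rsopsecd[4302]: rsopsec_sam_session::sam_ack_event
SAM_MODULE_FAILED FW_2 1/2
Jun 28 13:54:13 ids_1 ISS[4301]: (network_sensor_1) - send_sam_action( 4, 2,
FW_Cluster, 2, 0, 0x0, 0x0, 0, 6 )
Jun 28 13:54:13 ids_1 rsopsecd[4302]: rsopsec_sam_session::sam_ack_event
SAM_MODULE_FAILED FW_1 0/2
"""

STAMP = r"[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d "   # syslog timestamp prefix
REQ = re.compile(r"send_sam_action\(([^)]*)\)")
ACK = re.compile(r"sam_ack_event (\S+) (\S+) (\d+)/(\d+)")

def unwrap(text):
    """Rejoin continuation lines (no leading syslog timestamp) to their record."""
    return re.sub(r"[ \t]*\n(?!" + STAMP + r"|$)", " ", text).splitlines()

def parse(text):
    """Attach every sam_ack_event to the send_sam_action that precedes it."""
    requests = []
    for rec in unwrap(text):
        req, ack = REQ.search(rec), ACK.search(rec)
        if req:
            args = [a.strip() for a in req.group(1).split(",")]
            requests.append({"time": rec[:15], "args": args, "acks": []})
        elif ack and requests:
            status, module, seq, total = ack.groups()
            requests[-1]["acks"].append((module, status, int(seq), int(total)))
    return requests

def summarize(requests):
    """Count failures per module and requests whose hex fields are all zero."""
    failed = Counter(m for r in requests for m, s, _, _ in r["acks"]
                     if s == "SAM_MODULE_FAILED")
    hexes = [[a for a in r["args"] if a.startswith("0x")] for r in requests]
    zero_hex = sum(bool(h) and all(int(a, 16) == 0 for a in h) for h in hexes)
    return {"requests": len(requests), "zero_hex": zero_hex, "failed": dict(failed)}

if __name__ == "__main__":
    print(summarize(parse(SAMPLE)))
```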
