I'm trying to support connections between a client app and an MS SQL
server through the firewall (IP330, IPSO 3.8, CP NG w/AI R55p). I've
got a rule set up from the source to the destination allowing
MS-SQL-Server_SD_2433, and I've got the SQL server indeed talking on
port 2433.
In enabling the MS-SQL rules in SmartDefense, however, if I check "Block
Pre-authentication buffer overflows" I (a) can't connect from the client
app to the SQL server, and (b) see most of the traffic blocked on rule
6995, which appears to be associated with blocking Pre-authentication
buffer overflows.
If I turn this one SmartDefense option off, things work fine. If I set
the SmartDefense checks for MS-SQL to "Monitor Only" the connections
work, and I see the 6995's logged as expected.
So, my question: Am I the only one seeing this? I'm not entirely sure
what this SmartDefense check does. Is it moderately safe to shut it off?
I need the hole I'm creating in my firewall to be as well controlled as
reasonably possible, so any assistance you can provide will be
appreciated.
Peter
Software developer and sometimes firewall manager