[FW-1] stop SmartDefence on remotely managed Edge

Subject:	[FW-1] stop SmartDefence on remotely managed Edge
From:	Motta Corrado <Corrado.Motta AT RTSI DOT CH>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Thu, 20 Jul 2006 14:48:10 +0200

Hi Gurus.

Situation:
----------
Central managed CP on Splat R61
Remote X-edge Embedded NGX-6.0.76x

SmartDefence on the R61 have this configuration in ApplicationInteligence:
FTP 
  |--> FTP security server
                |--> Block Port Overflow turned off (not checked)
                |--> Blocked FTP command with all commands inside the "allowed 
commands list"

SmartDefence on the NGX-6.0.76x have this configuration:
FTP 
 |--> Block Port Overflow: Action None (via web interface)
 |--> Blocked FTP command: Action None (via web interface)      
                                   no blocked commands

Problem:
--------
I install the policy on the xEdge via SmartConsole 
and the settings change into:
FTP 
 |--> Block Port Overflow: Action Block
 |--> Blocked FTP command: Action Block
                                   no blocked commands

Symptoms: 
- Nobody is able to setup an FTP session trough the xEdge. 
- The logs are like this one:
        Product:                VPN-1 Edge
        Origin:                 xEdge
        Type:                   Log
        Action:                 Reject
        Protocol:               tcp
        Service:                ftp (21)
        Source:                 a.a.a.a
        Destination:            b.b.b.b
        Rule:                   -22
        Source Port:            3097
        Attack Name:            FTP Illegal command
        File Direction:         Outbound
        Information:                    msg: Packet logged

- If I try to change the setting on the xEdge: "Error: This configurable item 
is remotely managed."
- xEdge Restart ==>     no problem If I try to change the setting on the xEdge 
                                and all the FTP session run correctly.

I think that's a bug.
Waiting the bug-resolution, 
I would like to know if is it possible to disable the "Smartdefence agent" on 
the xEdge?

Regards 

Corrado

******************************************************
Visit: http://www.rtsi.ch
This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. If 
you have received this email in error please notify postmaster AT rtsi DOT ch

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] stop SmartDefence on remotely managed Edge, Motta Corrado <= Re: [FW-1] stop SmartDefence on remotely managed Edge, Ray Re: [FW-1] stop SmartDefence on remotely managed Edge, Rick Centner Re: [FW-1] stop SmartDefence on remotely managed Edge, Motta Corrado Re: [FW-1] stop SmartDefence on remotely managed Edge, Joe Matusiewicz Re: [FW-1] stop SmartDefence on remotely managed Edge, Ray Re: [FW-1] stop SmartDefence on remotely managed Edge, Ray Re: [FW-1] stop SmartDefence on remotely managed Edge, Motta Corrado Re: [FW-1] stop SmartDefence on remotely managed Edge, Motta Corrado Re: [FW-1] stop SmartDefence on remotely managed Edge, Ray

Previous by Date:	Re: [FW-1] User locked, Yvonne Steinmetz
Next by Date:	[FW-1] 2 Router to Extrern on 1 Gateway, Verweyen, Dirk
Previous by Thread:	[FW-1] User locked, Dirk Udo
Next by Thread:	Re: [FW-1] stop SmartDefence on remotely managed Edge, Ray
Indexes:	[Date] [Thread] [Top] [All Lists]