[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] local interface address spoofing. Turn off how?
Tim, I live in New Zealand. So when you are going to sleep, I am just waking up... Now there's a business opportunity!!! In short, yes this will work. The :resolve_multiple_interfaces is inspect script that gets compiled and deployed to the enforcement point. Your topology and keys etc will be retrieved from the Enforcement module if you have correctly configured the Firewall object. In your FireWall-1 object on your RuleBase the "Internal" or "External" check box in the case of enforcement modules equates to "Is this enforcement module on the same machine as the management station", not is this internal to my network or external to my network. If this is set to internal, then the CA and Keys and everything else will live on the Management Server. If this is set to external then the keys and topology are pushed to the enforcement module. Hey Presto ! Yours Kindly Gregor Munro -----Original Message----- From: Russo, Tim [mailto:[email protected]] Sent: 14 September 2000 7:41 a.m. To: 'Gregor Munro' Subject: RE: [FW1] local interface address spoofing. Turn off how? Will it work even if the managment module is not the firewall, but a seperate server? Do you sleep at all? :) -Tim -----Original Message----- From: Gregor Munro [mailto:[email protected]] Sent: Wednesday, September 13, 2000 3:38 PM To: Russo, Tim; [email protected] Subject: RE: [FW1] local interface address spoofing. Turn off how? Tim, if you are using CP 4.1 SP2 you can go into the objects.C file and configure it to respond to SecuRemote/SecureClient requests on all interfaces. This is currently a manual process, so you should fwstop the firewall, edit the objects.C file, search for your firewall object within the rulebase (it will most likely be somewhere near the top) and add a line in that section to resolve to multiple interfaces ---snip--- :resolve_multiple_interfaces (true) ---snip--- I think that this will resolve your problem Yours Kindly Gregor Munro -----Original Message----- From: [email protected] [mailto:[email protected]]On Behalf Of Russo, Tim Sent: 14 September 2000 6:26 a.m. To: '[email protected].' Subject: [FW1] local interface address spoofing. Turn off how? I am trying to get my SecureClient laptops to be able to update the SecureClient site when they are on the LAN. The problem is that the managment server has a legal "NATed" IP address in the SecureClient config. When the clients tries to update their site on the LAN, they try to go to the external address, which the firewall (default gateway) NATs to its true internal address. I added a rule to deal with the routing and some NAT issues. The problem now is that I get a "local interface address spoofing" error message (rule 0). I have turned off all anti-spoofing rules in the firewall objects and turned off MAD (at least I think I have) on the mgmt station and firewall. No luck. How do I turn off this spoofing protection or is it possible to config SecureClient to automatically use a different IP for the server when connected to the local network? Thanks. -Tim ________________________ ______ ____ ___ __ Tim Russo Xchange, Inc. Sr. Security Engineer EMail: [email protected] Phone:FAX:============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|