Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] FW1 SP2 on NT4, no service helper

To: "'[email protected]'" <[email protected]>, [email protected]
Subject: RE: [FW1] FW1 SP2 on NT4, no service helper
From: Dan Hitchcock <[email protected]>
Date: Tue, 19 Sep 2000 13:37:57 -0700
Sender: [email protected]

Isn't that the point of the "control IP forwarding" option specified during
setup (can also be modified afterwards using the configuration GUI)?  Or are
you saying that it doesn't work?

Dan Hitchcock
CCNA, MCSE
Network Engineer
Xylo, Inc. (formerly employeesavings.com)The work/life solution for corporate thought leaders


-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Tuesday, September 19, 2000 12:48 PM
To: [email protected]
Subject: [FW1] FW1 SP2 on NT4, no service helper



I am sure that many of you that are using NT4 have run into this problem...

FW1 services on NT do not control routing, the operating system does. When
(not if) a FW1 service fails, it will no longer filter packets and it will
route between interfaces and also allow direct access to the firewall
itself.

So thats a good reason to harden the firewall itself as much as possible,
however I would like to setup some local monitoring of the services running
on the firewall and if a given service fails, attempt recovery of the
service and after some interval shutdown the server.

I don't want to use perl because I don't feel having this tool installed on
the firewall is a good idea. (perhaps perl2exe).
I also don't want to use 3rd party products like NTManage, Hyena or
whatever...I was kind of hoping someone had coded a Win32 app that acts as a
service helper for FW1. One problem appears that each service/process
spawned has same name "FW.EXE", so you will have to rely on service control
manager to accurately report status of service. (sometimes the SCM is hosed
as well as the service)

In addition, what kind of file system auditing works best? Anyone familiar
with tripwire might be using similar product on NT such as Intact. I haven't
set this up yet, I was wondering if anyone learned any lessons here...



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] FW1 SP2 on NT4, no service helper
Next by Date: [FW1] Is this a DOS - port 36121
Previous by thread: RE: [FW1] Specifying a group of ports
Next by thread: [FW1] Is this a DOS - port 36121
Index(es):
- Date
- Thread