Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] eSafe CVP Servers

To: Chris F <[email protected]>
Subject: Re: [FW1] eSafe CVP Servers
From: Cristian Nicolae <[email protected]>
Date: Wed, 20 Sep 2000 08:52:56 +0200
Cc: Ed Davidson <[email protected]>, [email protected]
References: <[email protected]>
Sender: [email protected]

Chris,
I ran Websense on the same machine, togehter with ESafe.
I had nothing but troubles. Nothing against Websense.
Afterwards, I reinstalled the machine from scratch, with all the patches
for the required hardware.
It worked fine until once I forgot my Netscape broswer up and running on
the machine.
>From that moment it ran about two more days and then the machine hanged.
The lesson I learnt was that I should never run any program than esafe
on that machine.
Hope this helps a bit.
I suggest you start with a clean reinstall of OS, then eSafe, enable
STMP if it works and only afterwards enable FTP.
That's all I would do.
YOurs,
Cristian






Chris F wrote:
> 
> Hi Cristian,
> 
> Thank you for your reply.
> 
> I only use my eSafe for SMTP and FTP AV. If/when I use
> the HTTP scrubbing -- it works for a few hours, then
> it stops all HTTP traffic (looses connectivity with
> the firewall). To much of a pain. It's really too bad
> -- I wish it worked.
> 
> I have bugged eSafe for help -- but so far, no
> resolution. eSafe gave me the run-around, and I
> finally gave up. Other have complained about the same
> problem. I'll probably go with Norton once my eSafe
> license expires.
> 
> This is my config:
> 
> Dedicated full T1 Internet access
> FW1 v4.1 SP2 on Solaris 2.6 143MHz Usparc 320MB RAM
> 
> eSafe v2.1/99 on NT4.0 Server (SP5) PI 233 256MB RAM
> Websense v3.11 also on this NT4.0 server, which is
> only a PC clone. HDDs are UW SCSI drives. IDE is evil!
> 
> The NT box and firewall are connected to a Cisco
> switch. Firewall is forced at 10/HDX -- while the NT
> has a SMC NIC running at 100/FDX (also forced to
> 100/FDX. Force everything -- don't auto neg, according
> to Cisco). We've had problems with 3COM cards. We
> don't use them anymore. We've had good experiences
> with Intel NICs. Anyway...
> 
> My switch connection status between NT and firewall is
> the cleanest on our network.
> 
> The only tips I have for eSafe are:
> 
> - Per: eSafe README, comment out the "auth_opsec"
> 18182 line in $FWDIR/conf/fwopsec.conf
> Or, something like that. See the readme file. I
> forget.
> 
> - Use "Low Security" in defeat timeout in eSafe
> configuration
> 
> - streamline your FW1 rules. Make them simple, ordered
> with most used at the top.
> 
> That's about all I can think of. Hope this helps!
> 
> -- Chris
> 
> --- Cristian Nicolae <[email protected]>
> wrote:
> > Hi Chris,
> > I am using the same version as you do. It runns on a
> > NT Server OS.
> > As I said, I did not enable the HTTP content
> > scanning because of the
> > performance reasons.
> > Just to give you an idea, I have a 1 Mbps connection
> > to the Internet and
> > as soon as I
> > enabled HTTP scanning my access became as fast as I
> > was using a 128 kbps
> > line. Of course, I do not pretend that these figures
> > are exact, but the
> > machine was getting on its knees with that.
> > My firewall is a Nokia IP650 4.1 SP2.
> > Although I am not an NT expert, I am inclined to say
> > that NT can hardly
> > be tuned when there is a performance bottleneck.
> >
> > My idea is to take another product running on a
> > UNIX/Linux platform for
> > this kind of thing.
> > I would gladly consider FreeBSD but there are not
> > too many products of
> > this sort running on FreeBSD.
> > One other option is to take the biggest and the
> > greatest Intel box an
> > put NT on it.
> > Any experience with this issue is greatly
> > appreciated.
> > Cristian
> >
> >
> > Chris F wrote:
> > >
> > > Cristain,
> > >
> > > I use eSafe as well. I have trouble using it to
> > scrub
> > > HTTP. After some time, the connectivity between
> > the
> > > eSafe server and the firewall dies (as if eSafe
> > can't
> > > keep up).
> > >
> > > I have other issues with FTP scanning. Others have
> > > mentioned the same.
> > >
> > > I'm running eSafe v2.1/99 on NT4.0 SP5
> > > FW-1 v4.1 SP2 on Solaris 2.6
> > >
> > > What versions of eSafe and OSes are you at?
> > >
> > > Thanks -- Chris
> > >
> > > --- Cristian Nicolae <[email protected]>
> > > wrote:
> > > >
> > > > Hi,
> > > > I have been using eSafe sucessfully. In a
> > network
> > > > with 450 users
> > > > I've been running eSafe on a Compaq Professional
> > > > Workstation AP500 with
> > > > 128 MB RAM.
> > > > My opinion is that SMTP scanning works very well
> > if
> > > > one is running not
> > > > but eSafe on that machine.
> > > > On the other hand, enabling the HTTP and FTP
> > > > scanning decreased
> > > > significantly the access speed.
> > > > I would be curious to learn from other people
> > > > experience.
> > > >
> > > > I understood that with FW-1 4.1 one can use more
> > > > than once CVP server.
> > > > I believe that when it comes to antivirus it is
> > > > worth to have a cascaded
> > > > setup with different products.
> > > >
> > > > I would be curious to know if anyone has been
> > using
> > > > TrenMicro on Linux
> > > > with HTTP scanning enabled
> > > > and if there any performance issues.
> > > >
> > > > Cristian
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > Ed Davidson wrote:
> > > > >
> > > > > I am looking at the various CVP servers for
> > > > AntiVirus.  I was wondering what
> > > > > people are using and what you like.  I have
> > looked
> > > > at eSafe's, Trend
> > > > > Micro's, and Nortons.   It seemed that eSafes
> > had
> > > > the nicest feature set,
> > > > > but I couldn't get it to work stable.  Nortons
> > was
> > > > the most stable and
> > > > > easiest to use.
> > > > >
> > > > > What are your opinions?
> > > > >
> > > > > Thank you.
> > > > >
> > > > > Edwin Davidson.
> > > >
> > > >
> > > >
> > >
> >
> ================================================================================
> > > >      To unsubscribe from this mailing list,
> > please
> > > > see the instructions at
> > > >
> > > > http://www.checkpoint.com/services/mailing.html
> > > >
> > >
> >
> ================================================================================
> > >
> > > __________________________________________________
> > > Do You Yahoo!?
> > > Send instant messages & get email alerts with
> > Yahoo! Messenger.
> > > http://im.yahoo.com/
> > >
> > >
> >
> ================================================================================
> > >      To unsubscribe from this mailing list, please
> > see the instructions at
> > >
> > http://www.checkpoint.com/services/mailing.html
> > >
> ================================================================================
> 
> __________________________________________________
> Do You Yahoo!?
> Send instant messages & get email alerts with Yahoo! Messenger.
> http://im.yahoo.com/


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- Re: [FW1] eSafe CVP Servers
  - From: Chris F <[email protected]>

Prev by Date: Re:Re: [FW1] eSafe CVP Servers
Next by Date: Re: [FW1] Installation of stonebeat full cluster for FW1
Previous by thread: Re: [FW1] eSafe CVP Servers
Next by thread: Re:Re: [FW1] eSafe CVP Servers
Index(es):
- Date
- Thread