Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Rule 0

To: [email protected]
Subject: Re: [FW-1] Rule 0
From: Christopher Ferraro <[email protected]>
Date: Sun, 6 Jan 2002 20:55:28 -0600
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

>From phoneboy's site:

Rule 0 is typically stuff not explicitly listed in the rulebase. This
includes:
Anti-Spoofing: This is set on the interface tab of your firewall object. If
spoof track is set to "log" or "alert", a rule 0 entry will show in your
log. A "drop" on Rule 0 typically means that incoming packet violated your
anti-spoofing policy for that interface. A "reject" on Rule 0 typically
means that an outgoing packet (one that has been accepted by your security
policy and routed by the OS) is violating your anti-spoof rules because the
packet is being routed out the wrong interface.

Authentication Failures: This is set in the Authentication tab of the
rulebase properties. If this is set to "log" or "alert", any failed
authentication attempts will show as a rule 0 log.

SYNDefender warnings may get logged as rule 0. The "Display Warning
Messages" checkbox in the SYNDefender tab of the rulebase properties is
where this can be disabled.

SecuRemote authentications (the successful ones) can also appear as a rule 0
accept. This is controlled by the "Enable Decryption on Accept" checkbox in
the Security Policy tab of the Rulebase Properties.

Anything dropped by FireWall-1's IP Options checking will log as rule 0. The
logging is controlled by the "IP Options Drop Track" section of the Log and
Alert tab of the Rulebase Properties.


----------------------------------------------------------------------------
----

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Sunday, January 06, 2002 8:27 PM
To: [email protected]
Subject: [FW-1] Rule 0


Hello all and Happy New Year

I am a newbie . . . running FW1, 4.1 on a NT Server 4.0 SP6.
I notice in my logs certain tcp packets are being rejected by Rule 0 (zero)
but I did not create such a rule and cannot find it in my Policy Editor.
How can I see / find out about this rule?  The checkpoint web site has not
helped. TIA Hadrian
--




__________________________________________________________________
Your favorite stores, helpful shopping tools and great gift ideas.
Experience the convenience of buying online with Shop@Netscape!
http://shopnow.netscape.com/

Get your own FREE, personal Netscape Mail account today at
http://webmail.netscape.com/

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: [FW-1] Rule 0
Next by Date: [FW-1] AW: [FW-1] Rule 0
Previous by thread: [FW-1] Rule 0
Next by thread: Re: [FW-1] Rule 0
Index(es):
- Date
- Thread