NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Connections being reject by Rule "SAM"



Ronald,
 
SAM stands for Suspicious Activity Monitoring protocol.  This is a normally a good thing however if you are using a third party like Real Secure to write to an OPSEC response on the fly, it may quickly get into a problem if your settings are not good or false positives.  If you don't have any third party software, you may want to review you SAM settings. 
 
To view the table of IP addresses currently blocked by SAM, issue the following command:
fw tab -t sam_blocked_ips
 
Use the command 'fw sam -D' to "unblock" everyone that you may have blocked with the Block Intruder function.  Once you do this command, stay at the logs and check any large ammount of drops from a specific source.
 
 
Hope this helps.
 
Simon Desmeules
 
----- Original Message -----
Sent: Monday, January 07, 2002 3:54 PM
Subject: [FW-1] Connections being reject by Rule "SAM"

Hello Security Professionals.

I have a single subnet whose users are being denied Internet access. Upon checking the log viewer I see that http is being rejected by rule "sam". What can I do to restore
the connection. Also, what does the acronym SAM stand for. I think its function is to block connections before that are processed by the inspection engine. I know this by virtue of there not being any actual rule number rejecting the connection.

Ronald T. Jacobs
Time Warner Cable
Senior Systems Engineer
101 Innovation Drive Suite 100
Morrisville, NC 27560


 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.