[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Unable to connect Content Security Server

To: [email protected]
Subject: Re: [FW-1] Unable to connect Content Security Server
From: Tika Mahata <[email protected]>
Date: Wed, 18 Sep 2002 03:09:43 -0700
In-Reply-To: <[email protected]>
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Hi Eduardo,

Service FW1_cvp with port 18181 is defined for communication in FW and in Anti-Virus.

Can you tell me how to log the implied rules?

Thanks.

Tika

Eduardo Eir�s wrote:

Con fecha martes, 17 de septiembre de 2002, 13:54:48, escribi�:

TM> Hi all,

TM> I have installed the Norton Antivirus for Firewall 1.5 indicating the external IP address of firewall as on the same box on which FW-1 NG FP2 is installed. After then I've made the OPSEC
TM> Application with
TM> Name: CVP
TM> Host : Firewall Server
TM> Vendor: User Defined
TM> Server Entities: CVP
TM> I have not made any Secure Internal Communication because the the product is not applicable for that service if I am no wrong.
TM> Then I create a URI resource with
TM> connection method: Proxy ( as our web access resources)
TM> Host: *:80
TM> Path: *
TM> Query: *
TM> CVP Server: CVP
TM> Then made a rule as
TM> LAN ANY HTTP-CVP ACCEPT
TM> But the user cannot access the internet it says:
TM> Unab! le to cconnect Content Security Server.
TM> Have any suggestion.
TM> Thanks in advance.
TM> Tika

TM> ---------------------------------
TM> Do you Yahoo!?
TM> Yahoo! News - Today's headlines

In a fw there must not be anything else installed.
Look that there is comunication permitted between CVP server and FW
server in cvp ports.
Enable log of implied rules and take a look at spoofing.
Once I had a setup similar to yours but with Trendmicro VirusWall, I
had to disable security policy (No security policy)in the interface
where CVP server was installed, no matter what ip is given to cvp
server (ext, localhost, 127.0.0.1 ); all of them are gonna give you
problems.

--
Hola,
Eduardo

Eduardo Eir�s Valle mailto:[email protected]

Nextel S.A. Ingenier�a Telem�tica

Tlf: +34 944035555 Fax: +34 944035550

Parque Tecnol�gico Edif. 207, Bloque B, 1�

48170- Za! mudio (Bizkaia)

=============================================== ==
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Do you Yahoo!?
Yahoo! News - Today's headlines

References:
- Re: [FW-1] Unable to connect Content Security Server
  - From: Eduardo Eir�s <[email protected]>

Prev by Date: Re: [FW-1] Split DNS stops working with NG Feature Pack 2 secremote client
Next by Date: [FW-1] CLuster XL problem
Prev by thread: Re: [FW-1] Unable to connect Content Security Server
Next by thread: [FW-1] Checkpoint VSX deployment
Index(es):
- Date
- Thread