
Re: [FW-1] FW-1 and Raptor against Legato Networker



Greetings!

Paul Simons wrote:
I have a problem with Legato Networker.
I have a backup machine running to two networks. One network is
protected by a FW-1 (4.1) firewall and the other is through a Raptor
firewall.

The rules are the same on both firewalls - the backup server can talk to
any machine on both networks with 'any' protocol and 'any' port (yes
it's come to that :-))

Machines backing up through the Raptor work fine. Machines going through
the Check Point fail, hang, etc. consistently.

Two ideas: content filter or state timeout. En detail...

I guess you are using "secure tunnel"s through the Raptor? These are
(IIRC - I only worked with Raptor 4.0-6.0) plain static IP filters. Plus
tunneling happens before the GSPs get into action.

As for the CheckPoint - they use stateful (dynamic) packet filters with
some extensions ("inspection" code). If there was a rule above that did
not match but contained a resource (security server), then your
connection will be tunneled through this resource even if you did not
define it this way. So connections on the same port as defined
resources (e.g. SMTP) will fail.

Second is that the Legato might use a kind of RPC protocol - one control
channel and a number of data channels. If this is the case I guess the
control channel only is used at the beginning and at the end of each
session. If backup takes longer, then the session might be cut due to
exceeding the timeouts set in the FW properties. If this is the case,
you should find a number of "unknown established" packets between the
Legato server and clients in the FW log. This can be mitigated by
increasing the UDP/TCP session timeout.

Please let me know what worked.
Bye

Volker Tanger
IT-Security Consulting

--
discon gmbh
Wrangelstraße 100
D-10997 Berlin

fon    +49 30 6104-3307
fax    +49 30 6104-3461

[email protected]
http://www.discon.de/
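The diagnostic check suggested in the reply above (look for "unknown established" drops between the backup server and its clients) as an added example, not code from the original post. It assumes a simplified, constructed semicolon-separated log export layout (date;time;action;src;dst;service;info); the addresses and service numbers are constructed sample values, not real FW-1 output.

```python
from collections import Counter

# Constructed sample log lines in an assumed layout: date;time;action;src;dst;service;info
# (this is NOT the real FW-1 export format; adjust the split/indices for your export).
SAMPLE_LOG = """\
12Mar2001;02:10:05;accept;10.1.1.5;10.2.2.20;7937;
12Mar2001;02:41:17;drop;10.2.2.20;10.1.1.5;7937;unknown established TCP packet
12Mar2001;02:41:18;drop;10.2.2.20;10.1.1.5;7937;unknown established TCP packet
12Mar2001;02:41:19;drop;10.2.2.21;10.1.1.5;7938;unknown established TCP packet
12Mar2001;03:00:01;accept;10.2.2.30;10.1.1.5;25;
12Mar2001;03:12:44;drop;10.9.9.9;10.1.1.5;23;rule 20
"""

BACKUP_SERVER = "10.1.1.5"  # assumed address of the Legato backup server


def parse(log_text):
    """Yield one dict per non-empty log line (assumed 7-field layout)."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        date, time, action, src, dst, service, info = line.split(";", 6)
        yield {"time": f"{date} {time}", "action": action,
               "src": src, "dst": dst, "service": service, "info": info}


def stale_session_drops(log_text, backup_server):
    """Count 'unknown established' drops per (client, service) that involve
    the backup server. Several such drops for one pair mid-backup mean the
    firewall forgot the session: the idle gap on the Legato control channel
    exceeded the TCP session timeout in the FW properties."""
    counts = Counter()
    for rec in parse(log_text):
        if rec["action"] != "drop":
            continue
        if "unknown established" not in rec["info"].lower():
            continue
        if backup_server not in (rec["src"], rec["dst"]):
            continue  # unrelated traffic (e.g. the telnet drop above)
        peer = rec["dst"] if rec["src"] == backup_server else rec["src"]
        counts[(peer, rec["service"])] += 1
    return counts


if __name__ == "__main__":
    for (peer, svc), n in stale_session_drops(SAMPLE_LOG, BACKUP_SERVER).items():
        print(f"{peer} service {svc}: {n} stale-session drop(s)")
```

A non-empty result for the backup clients supports the timeout hypothesis; an empty one points back at the security-server (resource) interception explanation instead.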

   All contents © 2004 Network Presence, LLC. All rights reserved.