[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FW-1] AW: fw sam error
- To: [email protected]
- Subject: [FW-1] AW: fw sam error
- From: Samuel Wuethrich <[email protected]>
- Date: Mon, 24 Feb 2003 21:17:51 +0100
- Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
- Sender: Mailing list for discussion of Firewall-1 <[email protected]>
- Thread-Index: AcLcMHO964LKDhorSlWZQl3N05zfKAAESXci
- Thread-Topic: Re: [FW-1] fw sam error
Did you have the 4.1 backward compatibility module installed, did you? A collegue of mine has had troubles getting SAM message originating from the RS Sensor into NG. After BC was installed, it has worked.
SAM
-----Ursprüngliche Nachricht-----
Von: Mick Toothaker [mailto:[email protected]]
Gesendet: Mo 24/02/2003 18:21
An: [email protected]
Cc:
Betreff: Re: [FW-1] fw sam error
Hello Manuel,
I appreciate your assistance.
I upgraded to HF-1 on both the management and on the enforcement modules. I
have reset SIC and I have set, set and reset the putkey process (even
messing it up to see the error/failure messages) and tried the syntax from
the manual and from you, all with the same results as before. From the
management station I get:
sam: Unexpected end of session. It is possible that the SAM request for
'Inhibit Drop Close src ip <IP addresses> on All' was not enforced.
From the enforcement point I get:
sam: Server entity initialized failed. The SAM request was not performed.
Yes, I am working on getting the OPSEC messages from Real Secure to enable
SAM (suspicious activity messages) functionality, but if the process does
not work manually, I can't expect it to work programmatically. And, no, the
RS > OPSEC > FW SAM is not working either.
I have put a sniffer on the wires, and the SAM messages are going between
the RS network sensor and the management module. No corresponding traffic is
going between the management module and the firewall enforcement point.
Pointing the RS messages (changing the putkey, etc.) directly to the
firewall enforcement point does not make it work either. Fw sam is just not
doing anything on my firewall.
I have maintenance and support from both ISS and Check Point, so I will be
calling them next; probably CP first. I just wanted to do everything I could
without calling them. Support from any vendor goes through the basics first
(is it plugged in? is it turned on?), and I wanted to be able to say I had
done all that.
Thanks again...
Mick
��oiƭ��κӟ9��q�+k���,j����jw�j)m��M!VX��ˬr���"��(�)��N
������i�lz���f��)��+-����T�{.n�+�������+&j)b� b��ey��筅觲��rب�ƭ��i��0��^rJh�{\�o�z��q�?����x!�iH*.���j|���-���xh�����{*.�˛���ب��m���zf���5� ޮ���$�����&