
Re: [FW-1] fw sam error



Hello Manuel,

I appreciate your assistance.

I upgraded to HF-1 on both the management and on the enforcement modules. I
have reset SIC and I have set, set and reset the putkey process (even
messing it up to see the error/failure messages) and tried the syntax from
the manual and from you, all with the same results as before. From the
management station I get:

sam: Unexpected end of session. It is possible that the SAM request for
'Inhibit  Drop Close src ip <IP addresses> on All' was not enforced.

From the enforcement point I get:

sam: Server entity initialized failed. The SAM request was not performed.

Yes, I am working on getting the OPSEC messages from Real Secure to enable
SAM (suspicious activity messages) functionality, but if the process does
not work manually, I can't expect it to work programmatically. And, no, the
RS > OPSEC > FW SAM is not working either.

I have put a sniffer on the wires, and the SAM messages are going between
the RS network sensor and the management module. No corresponding traffic is
going between the management module and the firewall enforcement point.

Pointing the RS messages (changing the putkey, etc.) directly to the
firewall enforcement point does not make it work either. Fw sam is just not
doing anything on my firewall.

I have maintenance and support from both ISS and Check Point, so I will be
calling them next; probably CP first. I just wanted to do everything I could
without calling them. Support from any vendor goes through the basics first
(is it plugged in? is it turned on?), and I wanted to be able to say I had
done all that.

Thanks again...

Mick

-----Original Message-----
From: Manuel Cabrera Silva [mailto:[email protected]]
Sent: Friday, February 21, 2003 11:17 AM
To: [email protected]
Subject: Re: [FW-1] fw sam error


Hello Mick,

Finally I made it work today. You need NG FP3 HF-1 (at least for my cluster
configuration). In fact it must work on a default installation. Try this:

fw sam -v -s <fw object name> -D

If you still have the same answer, try to reset SIC communication between
the module and management (caution: you may lose connection). Reinitialize SIC
communication and try again.

If you have a success response, then try fw sam -v -D. I hope you have a
successful response so that you can configure RealSecure communication.

In the management: fw putkey -opsec <ip realsecure net sensor> (provide a
shared secret twice as requested)

In the RS Sensor: opsec_putkey <ip management> (provide same secret
requested before, twice again)

After that, from the RS Console stop and restart the sensor and that's all.
(check responses so they are directed to the management, and a good way to
test it is enabling the "email debug" detection)

Finally, if you are unable to get a successful response at the manual
execution of sam commands from the management, think about sic_reset. This
operation is risky but it can be controlled ("back up your configuration
first"). This might leave you with an unusable management and ready to use your
backup.

I hope this can help you to configure your RealSecure. By the way, as
you only have one module, you can configure RS to interact directly with it,
replace management ip for module ip in the previous procedure, even in RS
responses and it works.

Manuel Cabrera
CCSA. NSA.
Cosapisoft




-----Original Message-----
From: Mick Toothaker [mailto:[email protected]]
Sent: Tuesday, February 11, 2003 9:41 AM
To: [email protected]
Subject: [FW-1] fw sam error


I am working with OPSEC suspicious activity messages (SAM), trying to get
our RealSecure IDS to originate SAM and CheckPoint NG to respond to SAM. The
next step I need to take is making sure that "fw sam -v -t 60 -i src <IP
address>" manual methods work. Well, they are not. When I enter the above
command at the management console, I get the following error:

sam: Unexpected end of session. It is possible that the SAM request for
'Inhibit  Drop Close src ip <IP address> on All' was not enforced.

where <IP address> is a dotted decimal IP address.

I found the article on the SecureKnowledge database "sk8382", but that did
not make any difference, and I am not sure that article applies to my
environment.

VPN-1 NG FP3 (non-HF1), single enforcement point, single management console.
Enforcement point: SecurePlatform, NG FP3, Second Edition (non-HF1)
Management console: Windows 2000 Server, NG FP3 (non-HF1)

Mick Toothaker
Manager of Technology Services
Fidelity Bank, Wichita, KS

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================