[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [FW1] fw 4.0 queries
[ The following text is in the "iso-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
I have tried to do the wildcard thing as requested by WebSense and it would
not work either. So my guess is that is a problem in the firewall software
somewhere, not WebSense. They could not tell me how to fix it though. They
said that my http security server is not enabled and I need to enable it. I
check the contents of the $FWDIR/conf/fwauthd.conf file and it appeared to
be enabled.
21 in.aftpd wait 0
80 in.ahttpd wait 0
513 in.arlogind wait 0
25 in.asmtpd wait 0
23 in.atelnetd wait 0
259 in.aclientd wait 259
10081 in.lhttpd wait 0
900 in.ahclientd wait 900
0 in.pingd respawn 0
This file is in it's default state. I have not changed anything. Also they
recommended that I add a line to the $FWDIR/conf/fwopsec.conf in the
following format:
server ip address of FW 18182 auth_opsec
After adding that line they said to comment out the previous 18182 line.
None of this seemed to have any effects.
Thanks
Ken Prochaska
Programmer / Analyst
Brazoria County Information Systems
kenp@brazoria-county.com
-----Original Message-----
From: owner-fw-1-mailinglist@lists.us.checkpoint.com
[mailto:owner-fw-1-mailinglist@lists.us.checkpoint.com]On Behalf Of
payal rewri
Sent: Thursday, April 08, 1999 6:23 AM
To: fw-1-mailinglist@lists.us.checkpoint.com
Cc: Ken Prochaska
Subject: Re: [FW1] fw 4.0 queries
Ken,
I can understand your frustation on this issues. i don't know if
both the vendors work together to give a quick solution/fix. I can
answer 2 points from your email.
1.) the in.httpd HTTP security server can be turned on the
$FWDIR/conf/fwauth.conf file
along with other servers, if i remember correctly.
2)we can test the security server by using a wildcard resource instead of
a filter and see in that case if blocks or allows the http request to
go through. then we know w=on whose plate the problem lies.
I tried to install service pack 2, last nite, it failed, saying it
was already installed. has anybody seen that?
maybe we can work together to tell both vendors exactly what we
are seeing, since this is a major bottleneck, and wenbsense is not
functional!
regards
payal
>
> I have a similar problem with FW-1 4.0 running on Win NT 4.0 with Websense
> 3.0. When I install a rule base with a Websense rule in it, I cant surf
> anywhere. If I take the rule out everything is fine. I am also running
the
> Websense stuff on the same server as FW-1. It was working on FW-1 3.0b,
but
> since I upgraded it to FW-1 v4.0 build 4031 I can't get it to work.
> Websense says that my HTTP security server is not enabled. I can't find
> anywhere in the GUI how to enable it. I also tried a URI with a file
> containing a list of web sites to block. That didn't work either. I get
> the error access denied. I am getting very frustrated with Websense and
> FW-1 v4.0. Can anyone help me......PLEASE!!!!!!!
>
> Ken Prochaska
> Programmer / Analyst
> Brazoria County Information Systems
> kenp@brazoria-county.com
>
> I had couple of questions on FW 4.0 running on Solaris 2.6 box.
> some of my hair has turned white getting this on 4.0
> I did the upgrade from Sun's version by copying objects.conf file,etc
> I upgraded to service pack 1 with strong des, US version. I noticed
> couple of oddities. We use Websense on the same box. when FW first
> started running, during the upgrade i missed a file containing a list
> of allowed URLS and in.httpd or websense was blocking every outgoing
> http...!
> i deleted that rule and we could surf again. However, recently I put
> back a new rule using websense URI filtering on the same box ( not
> recommended by
> websense,
> i read somewear). everything was working fine it was blocking bad sites.
> however, under production load, next day, i noticed that in.httpd was
taking
> up
> 85%
> of cpu on ultra II!! will service pack 2 solve this problem? we don't have
> phone support yet. I can't find a definitive way to solve this issue
> in 3 minutes of downtime!
>
> also on the sun i noticed with spoof alert turned on, the console is
> grabbed by fw and screen flashes, what would be recommedned way to prevent
> this apart from turning off spoof alert? and direct the spoof traffic
> to a file to see if required. is there a command to turn of spoof pop-ups
> and turn them on when required.
>
> on Sun ultra II with quad QFE card, has anyone applied patch 105 for
solaris
> 2.6?
>
> what are the pros and cons of not installing management module on the
> same machine ( if this done, then openwin is alos required).
> appreciate your responses...
> payal
>
>
============================================================================
> ====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
> ====
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================