[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [FW1] How to: Turn off a reporting for broadcasts to *.*.*.25 5
[ The following text is in the "iso-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
In fact, his trick would work on my network with a subnet mask of
255.255.248.0 IF he define the object address and subnet mask correctly.
-----Message d'origine-----
De: Bourque Daniel
Date: 3 mai, 1999 15:20
À: 'fw-1-mailinglist@lists.us.checkpoint.com'
Objet: RE: [FW1] How to: Turn off a reporting for broadcasts to *.*.*.25
5
190.35.17.255 with a subnet mask of 255.255.248.0 doesn't have all 1 in the
host portion...
11 bits are reserved for the host part and it use only 9 bits.
Host: 190.35.17.255 x.0001 0001.1111 1111
Mask: 255.255.248.0 x.1111 1000.0000 0000
Broadcast: 190.35.23.255 x.0001 0111.1111 1111
As for VLSM, I was reading that as Variable Lenght Subnet Mask i.e. that you
can use different subnet masks on the same network as for example using 11
bits for host on part of my networks and 2 bits for host on wan link.
His trick would not work on my subnet class B network (even with fixed
subnet mask). It would work on class B network with a mask of
255.255.255.0.
-----Message d'origine-----
De: Pavlichek, Doris (GEIS, GE Capital Consulting)
[mailto:Doris.Pavlichek@geis.ge.com]
Date: 3 mai, 1999 14:39
À: Bourque Daniel; 'Paquette, Trevor';
fw-1-mailinglist@lists.us.checkpoint.com
Objet: RE: [FW1] How to: Turn off a reporting for broadcasts to *.*.*.25
5
I think he pointed out in his FAQ that you cannot use this with VLSM, only
with classful routing. (the natural mask for the class of address would
apply, i.e., 255.255.0.0 for a class B)
And you can't have all 1s or all 0s in the host portion of an address....DP
> -----Original Message-----
> From: Bourque Daniel [SMTP:Daniel.Bourque@loto-quebec.com]
> Sent: Monday, May 03, 1999 2:14 PM
> To: 'Paquette, Trevor'; fw-1-mailinglist@lists.us.checkpoint.com
> Subject: RE: [FW1] How to: Turn off a reporting for broadcasts to
> *.*.*.25 5
>
>
> Correct me if I am out of my ligue but...
>
> If my network is a subnet class B network: 190.35.0.0 with netmask
> 255.255.248.0
>
> 190.35.16.255, 190.35.17.255 are valid workstation address. The broadcast
> address id 190.35.23.255
>
>
>
> -----Message d'origine-----
> De: Paquette, Trevor [mailto:TrevorPaquette@metronet.ca]
> Date: 3 mai, 1999 14:03
> À: fw-1-mailinglist@lists.us.checkpoint.com
> Objet: [FW1] How to: Turn off a reporting for broadcasts to *.*.*.255
>
>
>
> May want to make this a FAQ:
>
> We had a need here to disable logging for all broadcasts
> going to anything ending in *.*.*.255
>
> The problem was how to get FW-1 to do this..
>
> Here is the trick:
>
> 1) Create a new network object called BC-ALL
> 2) Give it the IP 0.0.0.255
> 3) Give it a netmask of 0.0.0.255
> 4) Comment: Broadcasts to *.*.*.255
>
> Hit OK. The system will say: Warning: Net mask invalid.. IGNORE this.
>
> Insert a new rule in your rulebase, with:
> Source: Any
> Dest: BC-ALL
> Service: Any
> Action: Reject
> Track: Blank
>
> Done.. You'll never see any broadcasts again using that rule.
>
> Note: This assumes Class A, B and C subnetting.
> This will NOT work for VLSM (Variable Length Subnet Masks)
>
>
> > -----Original Message-----
> > From: tpellowski@iscvb.com [SMTP:tpellowski@iscvb.com]
> > Sent: Monday, May 03, 1999 9:43 AM
> > To: jdschn@ibm.net; fw-1-mailinglist@lists.us.checkpoint.com
> > Subject: RE: [FW1] Reporting applications for Checkpoint logs
> >
> >
> > SecureIT has a pretty good reporting program. I know it offers those
> > reports
> > that you had mentioned.
> > It is also possible to write some Perl and also do imports to Access
> > databases and use M$'s graphing wizard.
> >
> > Tom Pellowski CCSE/SA
> > Information Systems Engineer
> >
> >
> >
> >
> > > -----Original Message-----
> > > From: John Schneider [SMTP:jdschn@ibm.net]
> > > Sent: Monday, May 03, 1999 11:34 AM
> > > To: Firewall-1 Mailinglist
> > > Subject: [FW1] Reporting applications for Checkpoint logs
> > >
> > >
> > > Greetings,
> > > Thanks to the many of you who contribute to this list. Do any of
> > > you know of products
> > > that would run on either the NT or RS/6000 versions of Checkpoint and
> > > improve the
> > > reporting capabilities? The Checkpoint logs contain quite a bit on
> > > information, but not in
> > > a very readable form.
> > > Some of my customers want reports that answer questions like:
> > >
> > > 1) who are my top users (in terms of number of bytes transferred, or
> > > connections)
> > > 2) what are the top sites that were connected to (by node name or URL)
> > > 3) are any users going to objectionable sites (not active blocking
> > > required here, just a
> > > way to search against names like "XXX" or "adult" appearing in the
> site
> > > name)
> > >
> > > It is possible to write perl scripts and so on to do this stuff, but
> it
> > > should not be necessary. Does
> > > Checkpoint itself give you anything like this? I can't find it if it
> > > does.
> > >
> > > If you have any scripts of your own you could share, I would be very
> > > grateful.
> > >
> > > Thanks for any input.
> > > John Schneider
> > >
> > >
> ***********************************************************************
> > > * John D. Schneider Email: jdschn@ibm.net
> > >
> ***********************************************************************
> > >
> > >
> > >
> > >
> > >
> >
> ==========================================================================
> > > ======
> > > To unsubscribe from this mailing list, please see the
> instructions
> > at
> > > http://www.checkpoint.com/services/mailing.html
> > >
> >
> ==========================================================================
> > > ======
> >
> >
> >
> ==========================================================================
> > ======
> > To unsubscribe from this mailing list, please see the instructions
> at
> > http://www.checkpoint.com/services/mailing.html
> >
> ==========================================================================
> > ======
>
>
> ==========================================================================
> ==
> ====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ==
> ====
>
>
> ==========================================================================
> ======
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ======
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================