[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] How to: Turn off a reporting for broadcasts to ..*.255

To: "Paquette, Trevor" <TrevorPaquette@metronet.ca>
Subject: Re: [FW1] How to: Turn off a reporting for broadcasts to *.*.*.255
From: sirving@ca.ibm.com
Date: Tue, 4 May 1999 10:16:17 -0400
Cc: fw-1-mailinglist@lists.us.checkpoint.com


The only problem with this trevor is that you are only stopping broadcasts where
the entire subnet is used but you probably already know this.  Just thought I
would point it out just in case.  It is a neat trick though... never thought of
doing it this way before.




"Paquette, Trevor" <TrevorPaquette@metronet.ca> on 05/03/99 02:02:58 PM

Please respond to "Paquette, Trevor" <TrevorPaquette@metronet.ca>

To:   fw-1-mailinglist@lists.us.checkpoint.com
cc:    (bcc: Stuart Irving/Markham/IBM)
Subject:  [FW1] How to: Turn off a reporting for broadcasts to *.*.*.255






May want to make this a FAQ:

We had a need here to disable logging for all broadcasts
going to anything ending in *.*.*.255

The problem was how to get FW-1 to do this..

Here is the trick:

1) Create a new network object called BC-ALL
2) Give it the IP 0.0.0.255
3) Give it a netmask of 0.0.0.255
4) Comment: Broadcasts to *.*.*.255

Hit OK. The system will say: Warning: Net mask invalid.. IGNORE this.

Insert a new rule in your rulebase, with:
Source: Any
Dest: BC-ALL
Service: Any
Action: Reject
Track: Blank

Done.. You'll never see any broadcasts again using that rule.

Note: This assumes Class A, B and C subnetting.
This will NOT work for VLSM (Variable Length Subnet Masks)


> -----Original Message-----
> From:   tpellowski@iscvb.com [SMTP:tpellowski@iscvb.com]
> Sent:   Monday, May 03, 1999 9:43 AM
> To:     jdschn@ibm.net; fw-1-mailinglist@lists.us.checkpoint.com
> Subject:     RE: [FW1] Reporting applications for Checkpoint logs
>
>
> SecureIT has a pretty good reporting program. I know it offers those
> reports
> that you had mentioned.
> It is also possible to write some Perl and also do imports to Access
> databases and use M$'s graphing wizard.
>
> Tom Pellowski CCSE/SA
> Information Systems Engineer
>
>
>
>
> > -----Original Message-----
> > From: John Schneider [SMTP:jdschn@ibm.net]
> > Sent: Monday, May 03, 1999 11:34 AM
> > To:   Firewall-1 Mailinglist
> > Subject:   [FW1] Reporting applications for Checkpoint logs
> >
> >
> > Greetings,
> >     Thanks to the many of you who contribute to this list.  Do any of
> > you know of products
> > that would run on either the NT or RS/6000 versions of Checkpoint and
> > improve the
> > reporting capabilities?  The Checkpoint logs contain quite a bit on
> > information, but not in
> > a very readable form.
> >     Some of my customers want reports that answer questions like:
> >
> > 1) who are my top users (in terms of number of bytes transferred, or
> > connections)
> > 2) what are the top sites that were connected to (by node name or URL)
> > 3) are any users going to objectionable sites (not active blocking
> > required here, just a
> > way to search against names like "XXX" or "adult" appearing in the site
> > name)
> >
> > It is possible to write perl scripts and so on to do this stuff, but it
> > should not be necessary.  Does
> > Checkpoint itself give you anything like this?  I can't find it if it
> > does.
> >
> > If you have any scripts of your own you could share, I would be very
> > grateful.
> >
> > Thanks for any input.
> > John Schneider
> >
> > ***********************************************************************
> > * John D. Schneider       Email: jdschn@ibm.net
> > ***********************************************************************
> >
> >
> >
> >
> >
> ==========================================================================
> > ======
> >      To unsubscribe from this mailing list, please see the instructions
> at
> >                http://www.checkpoint.com/services/mailing.html
> >
> ==========================================================================
> > ======
>
>
> ==========================================================================
> ======
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ======


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================






================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW1] Proxy ARP and Stonebeat
Next by Date: Re: [FW1] Norton Anti Virus-Problem
Prev by thread: [FW1] How to: Turn off a reporting for broadcasts to *.*.*.255
Next by thread: RE: [FW1] How to: Turn off a reporting for broadcasts to *.*.*.25 5
Index(es):
- Date
- Thread

Re: [FW1] How to: Turn off a reporting for broadcasts to *.*.*.255

Re: [FW1] How to: Turn off a reporting for broadcasts to ..*.255