[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Pings in log file

To: fw-1-mailinglist@lists.us.checkpoint.com
Subject: RE: [FW1] Pings in log file
From: "McMeekin, Scott" <Mcmeesm@rbos.co.uk>
Date: Fri, 5 Nov 1999 16:27:31 -0000


Heh no. This is the most common misconception among FW-1 admins. You would
have THOUGHT that it would have been perfectly logical to log the traffic.
When would you EVER not want to log the traffic? I'll specify in my rule
base if I feel that something doesn't need to be logged.

Do yourself a MAJOR favor - disable everything in the policy options dialog
and go through the hell (if you're new to the product) that is getting the
rules specified to do it all manually. I don't know what Checkpoint were
smoking when they implemented that particular bit of FW-1, but I'd like
some.

Especially, get rid of the "accept UDP replies" and the like - it makes
debugging
a complete bloody nightmare when nothing gets logged and you end up thinking
you
have some kind of routing problem.

Checkpoint - PLEASE FIX THIS - you know it makes sense.

Scott.

-============================-
 Scott McMeekin (x25086)
   Senior Technical Analyst
         IT Telecoms
  The Royal Bank of Scotland
  Phone: +44(0)1315235086
  Email: mcmeesm@rbos.co.uk
-============================-

> -----Original Message-----
> From:	james.previti@fiserv.com [SMTP:james.previti@fiserv.com]
> Sent:	Friday, November 05, 1999 4:05 PM
> To:	Roy Culley; fw-1-mailinglist@lists.us.checkpoint.com
> Subject:	Re: [FW1] Pings in log file
> 
> 
> *** Warning : this message originates from the Internet ****
> 
> 
> 
> 
> Yes... this is true, but I though the packets would still be logged.
> 
> 
> 
> 
> 
> 
> Roy Culley <tgdcuro1@gd2.swissptt.ch> on 11/05/99 10:58:02 AM
> 
> To:   James J. Previti/Telecom/Philadelphia/Fiserv@Fiserv
> cc:
> 
> Subject:  Re: [FW1] Pings in log file
> 
> 
> 
> 
> 
> > Can anyone tell my why pings through a firewall would not be displayed
> in a
> log
> > file?
> 
> Because you have 'Accept icmp' enabled in your fw-1 Properties...?
> 
> 
> 
> 
> 
> 
> 
> ==========================================================================
> ======
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ======
The Royal Bank of Scotland plc is registered in Scotland No 90312. Registered Office: 36 St Andrew Square, Edinburgh EH2 2YB.

The Royal Bank of Scotland plc is regulated by IMRO, SFA and Personal Investment Authority.

This e-mail message is confidential and for use by the addressee only.  If the message is received by anyone other than the addressee, please return the message to the sender by replying to it and then delete the message from your computer.

'Internet e-mails are not necessarily secure. The Royal Bank of Scotland plc does not accept responsibility for changes made to this message after it was sent.'



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re:Re: [FW1] RealSecure on Solaris 2.7
Next by Date: RE: [FW1] Pings in log file
Prev by thread: RE: [FW1] Pings in log file
Next by thread: RE: [FW1] Pings in log file
Index(es):
- Date
- Thread