I'm evaluating Raptor firewall for a client, and I have to provide a
recommendation for purchase by the beginning of next week. I personally
prefer a homebuilt solution of using TIS FWTK plus packet filters on a Unix
box of some fashion, but that is not an option here for a variety of
reasons (some political, some technical).

I created a box running Windows NT 4.0, and I installed SP6 (installed that
before I had the product eval in my hand). The first install blew up in my
face - the firewall protocol didn't start, then after a reboot or two, none
of the adapters would start. I uninstalled the product and reinstalled,
and this time, it appeared to install correctly. I then applied the 6.0.2
patch, without issue. (If it had blown up on me again, I'd have reinstalled
NT with SP5, but it appears to run as it is. If there are security
concerns with SP6 and Raptor, I'm eager to know!).

All I want this box to do is allow outbound http(s), ftp, telnet and smtp
(which will also be allowed in to an internal mail server). DNS must be
available.

Now, using the configuration guide, I set up smtp, web, ftp and dns (that
dns proxy is UGLY! I'm tempted to rip it out and use NT DNS.) I've
disabled the daemons except for smtpd, telnetd and dnsd.

Okay, I can surf etc. There are three rules:
1. to allow outbound ftp and http access.
2. to allow outbound smtp access from the mail server to the universe.
3. to allow the universe to send smtp mail to the mail server.

The problems I've found so far:
1. SMTP doesn't seem to work - it wouldn't accept me telnetting to port 25
and issuing standard SMTP commands (HELO works, MAIL FROM: gives me a bad
command error). This is a problem for us.
2. I can telnet to the box from anywhere! Why is this? I've set up no rule
to allow this! The telnetd daemon is running, but shouldn't I have to
create a rule to allow access?
3. The description for spoof protection is very vague. I thought I spoof
protected the internal network on the external interface, but all that did
was to prevent operations from the box to the localnet (i.e., telnet to the
internal mail server).
4. Based on #2 (and my own admitted ignorance of this product), I now have
no confidence that services on this box are disabled until expressly enabled.

What tools can I use to perform some basic testing of this box? Where can
I find more information (the Axent homepage appears largely devoid of
useful information, the manuals appear to be simple "how to see the world"
descriptions of the services and a question on testing directed at Axent
tech support resulted in a phone message telling me "telnet to the ports")
on how to properly configure this particular product and what to watch for?
Advice? Tips? Etc?
Thanks in advance!
Jon
-----------------------------------------------------------------
Jon Earle (613) 751-4948 (Pager)
HUB Computer Consulting Inc. (613) 830-1499 (Office)
http://www.hubcc.ca 1-888-353-7272 (Within Canada/US)
"God does not subtract from one's allotted time on Earth,
those hours spent flying." --Unknown
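
Added example (not part of the original message and not vendor code): a TCP connect check, run from a host outside the firewall, that compares what the external address accepts against what the three rules above imply. The expected-state table is this example's reading of those rules, the address 192.0.2.1 is a placeholder, and constructed_probe is a constructed stand-in that reproduces the telnet symptom so the script runs offline.

```python
import socket
import sys

# Expected exposure of the firewall's external address, read off the three
# rules in the post (an assumption of this example): only inbound SMTP is
# permitted; the FTP/HTTP(S) rules are outbound-only; no rule covers telnet.
EXPECTED = {21: "blocked", 23: "blocked", 25: "open", 80: "blocked", 443: "blocked"}

def probe(host, port, timeout=3.0):
    """TCP connect check: 'open' if the handshake completes, else 'blocked'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except OSError:  # refused, timed out or unreachable
        return "blocked"

def audit(host, expected=EXPECTED, probe_fn=probe):
    """Return [(port, expected, observed)] for every port that deviates."""
    findings = []
    for port, want in sorted(expected.items()):
        got = probe_fn(host, port)
        if got != want:
            findings.append((port, want, got))
    return findings

def constructed_probe(host, port):
    """Constructed stand-in for probe(): telnet answers although no rule allows it."""
    return "open" if port in (23, 25) else "blocked"

if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = audit(sys.argv[1])  # live check against your own firewall
    else:
        results = audit("192.0.2.1", probe_fn=constructed_probe)  # offline demo
    for port, want, got in results:
        print(f"port {port}: expected {want}, observed {got}")
```

This covers TCP only, so DNS over UDP needs a separate check, and a completed connect says nothing about whether the proxy behind the port then accepts commands.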