Aleks, Thank you for your response. I will try the Integrity Agent for Linux soon. We did several labs. IAS 5.1 works fine. 6.0.100 and 6.0.459 worked fine in different lab. 6.0.659 seems to be reproduceable -- "Integrity info: Client machine has no Integrity client", InterSpect Tracker says. Initializing SIC was a bit troublesome on all versions (except 5.1). Regards, Neil Delacruz
On 11/9/05, Aleks Feltin <[EMAIL PROTECTED]> wrote: > > Hey! > > |+-+-+-+-+-+-+-+-+-+-+| > | Integrity Clients | > |iAgent (XP/2K boxes) | --------------> Cisco C2950 -----------> > FW-1/VPN-1 > | 10.0.0.0/24 <http://10.0.0.0/24> | > |+-+-+-+-+-+-+-+-+-+-+| | | > | | | > | | | > | | | > |+-+-+-+-+-+-+-+-+| | | > |IS Appliance 410 | ------------------------- | > | 10.0.0.65/24 <http://10.0.0.65/24> | | > |in bridging mode | |+-+-+-+-+-+-+-+| > |+-+-+-+-+-+-+-+-+| | IAS 6.0 | > | | Server 2003 | > | | 10.0.0.124/24 <http://10.0.0.124/24> | > | |+-+-+-+-+-+-+-+| > | > > MGM > > Integrity Antispyware add-on is now available! > btw, did you manage to test integrity agent for Linux? > > Aleks > > > >Hi Aleks, > > We have also implemented said solution with other clients with much > >success. This particular install, however, is not so lucky. > > At first, we did have SIC established, but all clients would get > >quarantined even if the Integrity client is installed. Reason for the > >block/quarantine is "Client does not have Integrity installed." So we > tried > >to re-init SIC, and now we cannot. We did uninstall IAS 6 and went to IAS > >5.1, and it worked fine -- SIC established right away. > > The SK30075 describes this issue we are having and the solution says, > >"Solution available, currently under investigation." > > Can you give me a quick description of the network configuration you > used? > > The Integrity portion of this project works great. Awesome product! > > Thank you very much, > >Neil Delacruz > > > > On 11/8/05, Aleks Feltin <[EMAIL PROTECTED]> wrote: > > > > > >>Hello there! > >> > >>We have succesfully managed to combine the stuff and achieved the > >>functionality of the Cooperative Enforcement. Also we have used the same > >>hardware as well as software as you have. > >>Deployment process went just fine. During the testing phase we > >>encountered similar malfunction ot the Cooperative Enforcement. (SIC was > >>succesfully established, and clients were communicating with the IAS). > >>After restarting the Interspect appliance everything gone just fine. It > >>is also noticeably that after the pulling cert the Interspect gateway 's > >>certificate appeared among the other certificates on the IAS in the > >>certificate section. > >> > >>best regards, > >> > >>Aleks > >> > >>fwguru wrote: > >> > >> > >> > >>>Fellow Gurus, > >>>Have any of you implemented Integrity Server with InterSpect using > >>>Cooperative Enforcement? We need some help trying to figure out the > >>> > >>> > >>problem > >> > >> > >>>we are having. Environment is InsterSpect Appliance 210 running > >>> > >>> > >>InterSpect > >> > >> > >>>2.0 HF1 and Intergrity 6.0 server is running on Windows 2003 SP1. > >>>We are having an issue where any traffic from the protected zone > >>> > >>> > >>traversing > >> > >> > >>>the InterSpect box gets quarantined or blocked (depending on policy). > >>> > >>> > >>Reason > >> > >> > >>>is "Client does not have Integrity Client installed" and that is not > >>> > >>> > >>true. > >> > >> > >>>The client does have Integrity installed and the client is > communicating > >>>just fine with the Integrity Server. > >>>The Integrity box and the InterSpect box can ping each other. I think > >>> > >>> > >>the > >> > >> > >>>fundamental problem is the SIC between the Integrity and the InterSpect > >>>boxes. It should be a very simple process that we are following > >>> > >>> > >>correctly; > >> > >> > >>>however, the Integrity box never pulls the SIC cert from the InterSpect > >>> > >>> > >>box. > >> > >> > >>>In fact, we run fw monitor on the InterSpect box listening for traffic > >>>between Integrity and ISpect. When we create the Gateway Entity object > on > >>>the Integrity box and click save, we see traffic from Integrity to > ISpect > >>> > >>> > >>on > >> > >> > >>>dst port 5054. We are expecting it to communicate on port 18210 > >>>(fw1_ica_pull) to pull the cert, but this is not the case. The ISpect > box > >>>responds with a RST/ACK when it receives the 5054 comm (3-way handshake > >>> > >>> > >>not > >> > >> > >>>established). > >>>Any clues as to why Integrity wants to pull a cert over port 5054 > >>> > >>> > >>instead > >> > >> > >>>of 18210? Is there another way to initialize SIC between these two > boxes? > >>> > >>> > >>By > >> > >> > >>>the way, there is no way (that I know of) to test SIC from an > InterSpect > >>> > >>> > >>box > >> > >> > >>>(there is no "test SIC" button). And you can't run any SIC commands on > >>> > >>> > >>the > >> > >> > >>>ISpect box, either. > >>>Also, if we turn off Cooperative Enforcement everything is fine -- > >>> > >>> > >>clients > >> > >> > >>>can communicate from protected zone to backbone and beyond. > >>>Any help would be appreciated. > >>>Warm regards, > >>>Neil Delacruz > >>> > >>>================================================= > >>>To set vacation, Out-Of-Office, or away messages, > >>>send an email to [EMAIL PROTECTED] > >>>in the BODY of the email add: > >>>set fw-1-mailinglist nomail > >>>================================================= > >>>To unsubscribe from this mailing list, > >>>please see the instructions at > >>>http://www.checkpoint.com/services/mailing.html > >>>================================================= > >>>If you have any questions on how to change your > >>>subscription options, email > >>>[EMAIL PROTECTED] > >>>================================================= > >>> > >>> > >>> > >>> > >>================================================= > >>To set vacation, Out-Of-Office, or away messages, > >>send an email to [EMAIL PROTECTED] > >>in the BODY of the email add: > >>set fw-1-mailinglist nomail > >>================================================= > >>To unsubscribe from this mailing list, > >>please see the instructions at > >>http://www.checkpoint.com/services/mailing.html > >>================================================= > >>If you have any questions on how to change your > >>subscription options, email > >>[EMAIL PROTECTED] > >>================================================= > >> > >> > >> > > > >================================================= > >To set vacation, Out-Of-Office, or away messages, > >send an email to [EMAIL PROTECTED] > >in the BODY of the email add: > >set fw-1-mailinglist nomail > >================================================= > >To unsubscribe from this mailing list, > >please see the instructions at > >http://www.checkpoint.com/services/mailing.html > >================================================= > >If you have any questions on how to change your > >subscription options, email > >[EMAIL PROTECTED] > >================================================= > > > > > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
