I wouldn't recommend scanning thru the fw; it'll give you a false sense of 
security, since most of the attacks are stopped by SmartDefense.

I have the same problem, and what I did was install a Nessus probe on each 
network separated by the firewall and then launch the attacks locally. Using 
NessusWX (back when it was supported; any news about this?), I could manage all 
my probes and scans from a central point, in order to avoid the blocking on the 
firewall and the corresponding amount of alerts.

You can do the same on a machine with Linux installed; just use the Nessus 
client to connect to the different probes.

I even tried a rule with "any" on ports/services; it didn't work. It would 
still be stopped by SmartDefense, which is kind of nice (no way of allowing an 
attack thru due to human error).

Cheers,

Raúl

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On 
behalf of Nick Brandson
Sent: Monday, January 23, 2006 11:02 p.m.
To: [email protected]
Subject: [FW-1] Scanning host thru Check Point

Dear guru,

I need to pass the IT audit requirements (e.g. SOX),
scanning our public servers (web, ftp...) thru our CP
firewall.

1. What tools should we use?  (Nessus, Internet
Scanner)
2. Would the penetration test/VA scanning be
successful thru fw?
3. Are there any add'l ports that need to be opened?
 
Please help,
Thanks,
Nick


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
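
The probe-per-segment layout described in the reply above, as an added example that is not part of the original thread: it assigns each audit target to the scanner probe inside the same network segment and lists the targets that no local probe covers, i.e. the ones whose scan would have to cross the firewall. The segment names, address ranges and probe addresses are constructed sample values, and `plan_scans` is a hypothetical helper name.

```python
import ipaddress

# Constructed inventory: each firewall-separated segment and the address of the
# scanner probe installed inside it (None where no probe exists yet).
SEGMENTS = {
    "dmz":      ("192.0.2.0/25",    "192.0.2.10"),
    "internal": ("198.51.100.0/24", "198.51.100.5"),
    "partners": ("203.0.113.0/24",  None),
}

def plan_scans(targets, segments=SEGMENTS):
    """Assign each target to the probe in its own segment.

    Returns (plan, uncovered): plan maps probe address -> sorted target list;
    uncovered lists targets whose scan would have to cross the firewall.
    """
    nets = []
    for name, (cidr, probe) in segments.items():
        net = ipaddress.ip_network(cidr)
        # A probe outside its own segment would not be scanning locally.
        if probe is not None and ipaddress.ip_address(probe) not in net:
            raise ValueError(f"probe {probe} is not inside segment {name}")
        nets.append((net, probe))
    # Longest prefix first so a nested subnet wins over its parent range.
    nets.sort(key=lambda n: n[0].prefixlen, reverse=True)

    plan, uncovered = {}, []
    for target in targets:
        addr = ipaddress.ip_address(target)
        match = next((n for n in nets if addr in n[0]), None)
        if match is None or match[1] is None:
            uncovered.append(target)   # no local probe: scan would be filtered
        else:
            plan.setdefault(match[1], []).append(target)
    plan = {p: sorted(t, key=ipaddress.ip_address) for p, t in plan.items()}
    return plan, uncovered

if __name__ == "__main__":
    # Constructed target list for the audit scope.
    plan, uncovered = plan_scans(
        ["192.0.2.80", "192.0.2.21", "198.51.100.44", "203.0.113.9"])
    for probe, hosts in plan.items():
        print(f"probe {probe} scans locally: {', '.join(hosts)}")
    print("no local probe (results thru the fw are unreliable):", uncovered)
```
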
