Re: [FW-1] Unable to connect Content Security Server

Wed, 18 Sep 2002 03:06:40 -0700

Hi Eduardo,

Service FW1_cvp with port 18181 is defined for communication in FW and in Anti-Virus.

Can you tell me how to log the implied rules?

Thanks.

Tika

 

 Eduardo Eirós <[EMAIL PROTECTED]>wrote:

Con fecha martes, 17 de septiembre de 2002, 13:54:48, escribió:


TM> Hi all,

TM> I have installed the Norton Antivirus for Firewall 1.5 indicating the external IP address of firewall as on the same box on which FW-1 NG FP2 is installed. After then I've made the OPSEC
TM> Application with
TM> Name: CVP
TM> Host : Firewall Server
TM> Vendor: User Defined
TM> Server Entities: CVP
TM> I have not made any Secure Internal Communication because the the product is not applicable for that service if I am no wrong.
TM> Then I create a URI resource with
TM> connection method: Proxy ( as our web access resources)
TM> Host: *:80
TM> Path: *
TM> Query: *
TM> CVP Server: CVP
TM> Then made a rule as
TM> LAN ANY HTTP-CVP ACCEPT
TM> But the user cannot access the internet it says:
TM> Unab! le to cconnect Content Security Server.
TM> Have any suggestion.
TM> Thanks in advance.
TM> Tika



TM> ---------------------------------
TM> Do you Yahoo!?
TM> Yahoo! News - Today's headlines

In a fw there mustt not be anything else installed.
Look that there is comunication permitted between CVP server and FW
server in cvp ports.
Enable log of implied rules and take a look at spoofing.
Once I had a setup similar to yours but with Trendmicro VirusWall, I
had to disable security policy (No security policy)in the interface
where CVP server was installed, no matter what ip is given to cvp
server (ext, localhost, 127.0.0.1 ); all of them are gonna give you
problems.


--
Hola,
Eduardo


Eduardo Eirós Valle mailto:[EMAIL PROTECTED]

Nextel S.A. Ingeniería Telemática

Tlf: +34 944035555 Fax: +34 944035550

Parque Tecnológico Edif. 207, Bloque B, 1º

48170- Za! mudio (Bizkaia)

=============================================== ==
To set vacation, Out Of Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================


Do you Yahoo!?
Yahoo! News - Today's headlines

Reply via email to