Comments and questions inline....

- -
Robert P. MacDonald, Network Engineer
Gordon Food Service
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]

>>> <[EMAIL PROTECTED]> 5/26/00 8:47:25 AM >>>
>
>Pardon the basic questions, but I'm new to firewall management.  I have
>FW-1 v4.0 on WinNT 4.0

No problem. We all started there at one time or another (I'm not much ahead
of you).

>1)  What are the possible security consequences of opening a udp port?  I
>have a web/snmp card in my UPS that broadcasts to specific IP addresses (2
>of which are outside the firewall).  I set up a rule allowing the udp
>traffic only between the specific source & destination IPs, but am just
>unsure if I have opened a huge gaping hole...

Look at it this way: nothing open is usually more secure than
something open. How you open up your system and how it is configured will
determine how vulnerable you become.

Now the questions...

How have you defined the rule? Are you specific to the UDP traffic and
direction? Is this traffic just SNMP traps being sent out? Is the 'other end'
a management system that actively works with this device? Is there any
need to allow traffic back to this/these devices? Can it be encrypted just
after it leaves the device and decrypted before its destination (both within
your network/control)?

>also,
>2) Is there any way to automatically save a log and create a new one?  My
>log is filling too quickly. 

Yes, cron/schedule/winat a job that runs fw logrotate. Depends on where
your management station is (same box, other box?). Then you can do
whatever you like with it. I'm not sure about FW-1 on NT, but on Sun, the
logs are in binary form. You may want to also do an export of the logs first; then
you'll have them in ASCII.

>Is there at least a way to change the size of
>the log?  (I am aware that I could cease to log certain events, but this is
>not an option for now.)

Are you asking if there is a 'maximum' setting? The log just grows until it is
rotated or it runs out of disk space.

Some good reading for you would be at http://www.phoneboy.com/fw1  &
http://www.enteract.com/~lspitz/ .

>TIA,
>Rachel

You're welcome.

Best of Luck!
Robert
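
As an added example (not part of this thread, and not Check Point's own tooling), here is one way to answer Robert's "how have you defined the rule?" questions from the exported ASCII log rather than by eyeballing the rule base: audit every accepted UDP entry against the policy the rule is meant to implement (UPS card sends SNMP traps outbound to exactly two managers, nothing inbound). The log format below is a constructed, simplified key=value layout, not the real FW-1 export format, and all addresses and rule numbers are made-up placeholders; adapt `parse_line` to whatever your export actually looks like.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample of an exported ASCII log (NOT the real FW-1 export layout):
# "<date> <time> <action> <proto> src=<ip> dst=<ip> dport=<port> rule=<n>".
SAMPLE_LOG = """\
26May2000 08:50:01 accept udp src=10.1.1.50 dst=192.0.2.10 dport=162 rule=5
26May2000 08:50:02 accept udp src=10.1.1.50 dst=198.51.100.20 dport=162 rule=5
26May2000 08:51:10 accept udp src=192.0.2.10 dst=10.1.1.50 dport=161 rule=5
26May2000 08:52:33 accept udp src=10.1.1.77 dst=192.0.2.10 dport=162 rule=5
26May2000 08:53:00 drop udp src=203.0.113.9 dst=10.1.1.50 dport=161 rule=9
"""

# Intended policy (placeholder addresses): the UPS web/SNMP card may send
# SNMP traps (UDP/162) to two external management hosts and nothing else;
# no UDP back toward the card should be accepted.
UPS_CARD = ipaddress.ip_address("10.1.1.50")
ALLOWED_MANAGERS = {
    ipaddress.ip_address("192.0.2.10"),
    ipaddress.ip_address("198.51.100.20"),
}
TRAP_PORT = 162


@dataclass
class Entry:
    action: str
    proto: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int
    rule: int


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line of the constructed format; None for junk/blank lines."""
    parts = line.split()
    if len(parts) < 6:
        return None
    action, proto = parts[2], parts[3]
    kv = dict(p.split("=", 1) for p in parts[4:] if "=" in p)
    try:
        return Entry(
            action=action,
            proto=proto,
            src=ipaddress.ip_address(kv["src"]),
            dst=ipaddress.ip_address(kv["dst"]),
            dport=int(kv.get("dport", 0)),
            rule=int(kv.get("rule", 0)),
        )
    except (KeyError, ValueError):
        return None


def check(entry: Entry) -> Optional[str]:
    """Return a reason string if an *accepted* UDP entry violates the policy."""
    if entry.action != "accept" or entry.proto != "udp":
        return None  # drops and non-UDP traffic are out of scope here
    if entry.src == UPS_CARD and entry.dst in ALLOWED_MANAGERS and entry.dport == TRAP_PORT:
        return None  # exactly what the rule is meant to allow
    # Order matters: direction first, then source, destination, port.
    if entry.dst == UPS_CARD:
        return "inbound UDP to the UPS card accepted (rule should be outbound-only)"
    if entry.src != UPS_CARD:
        return f"UDP from unexpected source {entry.src} accepted"
    if entry.dst not in ALLOWED_MANAGERS:
        return f"UDP to unexpected destination {entry.dst} accepted"
    return f"UDP to unexpected port {entry.dport} accepted"


def audit(log_text: str) -> List[Tuple[int, str]]:
    """Run check() over every line; return (line number, reason) for each finding."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        entry = parse_line(line)
        if entry is None:
            continue
        reason = check(entry)
        if reason is not None:
            findings.append((lineno, f"rule {entry.rule}: {reason}"))
    return findings


if __name__ == "__main__":
    for lineno, reason in audit(SAMPLE_LOG):
        print(f"line {lineno}: {reason}")
```

On the constructed sample this flags lines 3 and 4: an accepted reply from a manager back to the card (the rule is not direction-specific) and traps from a second internal host (the rule's source is wider than one address). Run it against a real export after `fw logexport` and an empty result is your evidence that the rule is as narrow as you believe.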



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================