Frequently Asked Questions


The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the concepts presented in this chapter and to assist you with real-life implementation of these concepts. To have your questions about this chapter answered by the author, browse to www.syngress.com/solutions and click on the Ask the Author form. You will also  gain access to thousands of  other  FAQs at ITFAQnet.com.

1.  

I installed my user -defined script on my firewall, but it isn t doing anything when the rule is matched. What s the problem?

remember that the alertd process is running on the machine acting as the management server. place the script in the $fwdir/bin directory of that system and begin testing from there.

2.  

I m trying to block a connection with SAM, but I don t see a Connection ID field in SmartView Tracker, and when I click on Tools , the Block Intruder option is grayed out. Am I doing something wrong?

remember that to use the sam feature, smartview tracker must be in active mode .

3.  

Is there a way to see which IP addresses are currently blocked on my firewall?

yes and no. the blocked ip addresses are maintained in the fw-1 table, sam_blocked_ips. the firewall command fw tab t sam_blocked_ips will show you the contents of that table, but it isn t the easiest thing on earth to read since it is all in a hexadecimal format.

4.  

I m no programmer, but I m really excited by the user-defined alert idea. Does Check Point supply any preconfigured user-defined alerts?

no, but fear not-the internet is full of helpful people, and a quick search might reveal what you need. you can also employ opswat to assist you. opswat is a consulting company specializing in creating customized opsec-compliant solutions for companies. more information about opswat is available at www.opswat.com.

Answers

1.  

Remember that the alertd process is running on the machine acting as the management server. Place the script in the $FWDIR/bin directory of that system and begin testing from there.

2.  

Remember that to use the SAM feature, SmartView Tracker must be in Active Mode .

3.  

Yes and no. The blocked IP addresses are maintained in the FW-1 table, sam_blocked_ips. The firewall command fw tab “t sam_blocked_ips will show you the contents of that table, but it isn t the easiest thing on earth to read since it is all in a hexadecimal format.

4.  

No, but fear not ”the Internet is full of helpful people, and a quick search might reveal what you need. You can also employ OPSWAT to assist you. OPSWAT is a consulting company specializing in creating customized OPSEC-compliant solutions for companies. More information about OPSWAT is available at www.opswat.com.




Check Point NG[s]AI
Check Point NG[s]AI
ISBN: 735623015
EAN: N/A
Year: 2004
Pages: 149

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net