Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Firewalls
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Trend Micro Interscan Viruswall 3.81 CVP and Checkpoint Firew all-1

from [Andrews, Allison] Network Security [Permanent Link]
Subject: RE: Trend Micro Interscan Viruswall 3.81 CVP and Checkpoint Firew all-1 NG R55
Date: Wed, 29 Sep 2004 14:01:47 -0700 
We have tried both the backwards compatibility mode, using "fw putkey
-opsec" and "opsec_putkey" commands along with out the backwards
compatibility mode, using "opsec_pull_cert" and neither method has been able
to establish a connection between the two servers.  In the first instance,
it was the Viruswall rejecting the connection with a "deny" command.  In the
second instance, it's the Firewall that drops the connection with a "FIN"
after the keys have been exchanged and acknowledged.

We do know network traffic is flowing between the systems because it's only
connected to the firewall (direct connect private network) and I can access
the server's web based interface from my desk.

Allison Andrews
Unix Administrator
Epson Portland Inc

-----Original Message-----
From: Rob Hughes [mailto:rob@robhughes.com] 
Sent: Tuesday, September 28, 2004 5:51 PM
To: firewalls@securityfocus.com
Subject: Re: Trend Micro Interscan Viruswall 3.81 CVP and Checkpoint
Firewall-1 NG R55

On Tue, 2004-09-28 at 17:34 +0000, allison.andrews@epi.epson.com wrote:


We have just been forced to upgrade from Trend Micro Interscan Viruswall

3.6 CVP to 3.81 CVP because of a "y2k" type issue with Viruswall in that the
virus patterns are three digits only, and as of pattern 980, they no longer
support the older version with the pattern updates.


There is no 3.61 CVP version available so we went to 3.81 CVP instead, and

though myself and a contractor have put close to 60 hours work on this
project in the last week, we have been unable to get Checkpoint Firewall-1
and Viruswall to talk.  We are using Checkpoint opsec as the authentication
between the two servers, and attempted to establish the connection using two
separate techniques, one using opsec_putkey and the other using
opsec_pull_cert.  Though we have seen keys exchanged by snooping the port,
in the first case (using opsec_putkey), the Viruswall rejected the
connection.  In the second case, Checkpoint drops the connection after the
keys are exchanged.


Extensive phone calls to both Checkpoint and Trendmicro have produced

nothing that has solved the issue.  I guess the simplest question I could
post is, has anybody managed to get Viruswall 3.81 CVP to talk to Checkpoint
Firewall-1 NG R55?  If so, is there any advice or tricks that someone has
figured out to make this work?  We've exhausted just about everything we can
think of, and are beginning to worry that these programs are no longer
compatible after the latest required upgrade.  And with the virus patterns
no longer supported, we don't even have the option of backing out to our
previous version.

Did you just try establishing SIC with the OPSEC object? Or are you trying
to use an OPSEC object in backwards compatibility mode, and thus performing
the putkey?
--
If at first you don't succeed, skydiving is not for you.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • RE: Trend Micro Interscan Viruswall 3.81 CVP and Checkpoint Firew all-1 NG R55, Andrews, Allison <=
Previous by Date:  RE: PIX OS 6.3(3) and AAA Configuration, James Williams
Next by Date:  RE: PIX OS 6.3(3) and AAA Configuration, mbeck
Previous by Thread:  PIX Config Backup Script, Al Cooper
Next by Thread:  Help Routing on a Fortigate-100, Jared S. Brodsky
Indexes:  [Date] [Thread] [Top] [All Lists]