I've done all as you'd described:
Made copy of 7.0.enq, named it 7.0.enq-1.
In the 7.0.enq-1\Blackd I found firewall.ini and added the following line
to it: "auto-blocking.timeout = 600".
Restarted Desktop Controller. Then I opened policy, let it be
Adaptive_Client_A and Administrative Settings ->Group Settings ->
DesktopProtection Version selected 7.0.enq-1.
I generated new build and then reinstalled Desktop Agent from that build.
So, I thought that after all that steps auto-blocking.timeout is 10 min,
but when I tested auto-blocking timeout it was still 1 day instead desired
10 min.
What have I done wrong?
PS: Specialists from ISS's support said that the only way is to edit
configuration files on all agents. I know that it is working good, I've
tested that, but only if number of Agents is not very big. I have 1000
agents and if the only way is to configs, I can't use auto-blocking
feature!
---
Best regards, Sergey V. Soldatov.
tel/fax +7 095 745 89 50 (2663)
"Andrew Plato"
<aplato@anitian.com> To: "Sergey V Soldatov"
<SVSoldatov@tnk.ru>,
<issforum@iss.net>
08.09.2004 00:22 cc:
Subject: RE: [ISSForum]
Advanced firewall parameters of Desktop
Protector viaSiteProtector
console
You can actually add these firewall parameters to the root files used
for builds. You need to create a "custom version" of RSDP on Site
Protector. This is done by taking a version ISS hands down, and
modifing the base files located in the:
(DRIVE)\Program Files\ISS\RealSecure SiteProtector\Desktop
Controller\versions\
...folder. This folder contains all the versions and raw files that
Site Protector uses to create agent builds (and push down updates to
clients).
Create a copy of the version you want to modify and rename the directory
(I usually call it something like 7.0ebo-1)
Then modify the firewall.ini file in the "Blackd" directory to include
the parameters you want.
You can also use this tactic to modify the issuelist.csv.
BUT - keep in mind, when ISS hands down a new version, you'll have to
manually move your changes over to te new version (or a copy of the new
version). Once you get a feel for the parameters and files, is actually
pretty easy to do.
Oh, and remember to stop and restart your desktop controller after you
have added your new custom version.
___________________________________
Andrew Plato, CISSP
President/Principal Consultant
Anitian Enterprise Security
-----Original Message-----
From: issforum-bounces@iss.net [mailto:issforum-bounces@iss.net] On
Behalf Of Sergey V Soldatov
Sent: September 07, 2004 3:10 AM
To: issforum-bounces@iss.net; issforum@iss.net
Subject: [ISSForum] Advanced firewall parameters of Desktop Protector
viaSiteProtector console
Good day.
I've found that not all parameters that are available for configuration
through configuration files (frewall.ini, blackice.ini) can be
configured via SiteProtector Console. All available configuration
parameters could be found in "Real Secure Agent Advanced Administration
Guide v. 7.0", file is called BI-AAG_70.pdf.
So, the question is how I can edit the following parameters from
SiteProtector console:
tunnel.udp.maxpendingtime
tunnel.udp.subnetmask
auto-blocking.timeout
tunnel.simple
that are not available from SP console.
Of course, I can edit configuration files, but it's not convenient when
number of Desktop agents about 1000!
Thanks.
---
Best regards, Sergey V. Soldatov.
tel/fax +7 095 745 89 50 (2663)
_______________________________________________
ISSForum mailing list
ISSForum@iss.net
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to mod-issforum@iss.net
The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
_______________________________________________
ISSForum mailing list
ISSForum@iss.net
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to mod-issforum@iss.net
The ISSForum mailing list is hosted and managed by Internet Security Systems,
6303 Barfield Road, Atlanta, Georgia, USA 30328.
