Network Security ISSForum

RE: [ISSForum] Third Party Module stopping

Subject: RE: [ISSForum] Third Party Module stopping
Date: Tue, 8 Feb 2005 09:57:55 +0100
Yes, both with Checkpoint and Cisco TPMs

The Checkpoint modules invariably sit there with at least one of them
offline and some error about a bad file pointer or record (some problem
with the OPSEC integration I suppose). It's possible to get them going by
bouncing the Firewall-1 and issdaemon management system.

The Cisco modules are equally, but even more inexplicably, unreliable.
Oh... don't create a text log monitoring rule with Server Sensor on the
same box, the Server Sensor opens the Syslog port and the TPM quite
naturally fails to start.

I suspect that they are very similar to Fusion in that they cannot / do
not coexist with Server Sensor (even though this combination is
supported). Uninstalling a TPM when Server Sensor is installed, in my
experience, leaves issdaemon completely unusable.

I too have opened support cases, but have been unable to resolve the above
problems.

Stephen Cooper, CISSP.


-----Original Message-----
From: issforum-bounces@iss.net [mailto:issforum-bounces@iss.net] On
Behalf Of Jason Baeder
Sent: Tuesday 01, February, 2005 23:21
To: issforum@iss.net
Subject: [ISSForum] Third Party Module stopping

All,

We have the Third Party Module (TPM) installed on Win2K SP6.  Two Cisco
PIX report log events to this TPM.  The TPM will suddenly, without
warning, stop.  Ever so capricious, it might also stop if one logs
into the server console.  While we can restart the TPM from
SiteProtector, the flood of ICMP that is precipitated by the TPM's
untimely demise is more than annoying (ICMP type 3/code 3).

It is my understanding that before I arrived at this client site this
issue had already been raised with ISS (last year sometime).  There was
no real resolution: after several rounds of troubleshooting, the client
was told to reinstall the module.  It has been reinstalled more than
once.

Has anyone else run into this problem?  

TIA,
Jason Baeder
GCIA CISSP

_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.