[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ISSForum] SAM configuration - CheckPoint NG
I have ISS support working on this, but I haven't heard from them in like
two days, so who knows what's going on.
I have the following problem.
I have exchanged keys using opsec_putkey, fw putkey, and the IDS sensor and
the SmartCenter appear to talk properly, no errors.
However, when I configure a rule to utilize OPSEC and to notify -> block
service. I see the following in my /var/log/messages.
May 21 17:47:51 ids_1 ISS: (network_sensor_1) - send_sam_action( 4, 4,
FW_Cluster, 32, 60, 0x0, 0x0, 0, 6 )
On my firewall I see SAM request, notify, src=0.0.0.0 dst=0.0.0.0 srv=0,
which means any,any,any. Why isn't the IDS sending over the particular
Is there a flag somewhere, or something I need to change?
I also read the SAM configuration guide, no help. I also found another
document that suggested that you need 4.1 backward compatability installed,
however, I don't really think this is necessary, since the IDS and FW are
communicating, it's just that the IDS is not sending the appropriate
Enterprise Information Security
LSU Health Sciences Center
doflyn@xxxxxxxxxx <mailto:doflyn@xxxxxxxxxx> (504)568-6130
ISSForum mailing list
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx
The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.