[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [ISSForum] SiteProtector 2.0sp3 & RSDP 7.0 - adaptive profile issue



This is likely due to the RSDP losing contact with Site Protector upon
its next heartbeat. 

RSDP heartbeats in to Site Protector (SP) every hour, by default. If an
agent heart beats in and SP is unavailable or the originating IP address
is not within your corpnet definition, then it will switch back to
default profile. 

One common trip up with this is NATing. If you have remote RSDP agents
coming in over a VPN, if their orignal IP address gets NAT'ed, you have
to make sure the NAT address is in the corpnet range. 

___________________________________
Andrew Plato, CISSP
President/Principal Consultant
Anitian Enterprise Security



-----Original Message-----
From: issforum-bounces@xxxxxxx [mailto:issforum-bounces@xxxxxxx] On
Behalf Of Galea, Gilbert, VF-MT
Sent: August 10, 2004 7:49 AM
To: issforum@xxxxxxx
Subject: [ISSForum] SiteProtector 2.0sp3 & RSDP 7.0 - adaptive profile
issue

Dear ISS Forum,

I have successfully installed and implemented ISS SiteProtector with 1
Desktop Controller and initiated the testing phase on
4 RSDP agents. I have configured(through SiteProtector Console) the 3
adaptive profiles: default, corpnet and vpn and they seem to be working
fine. That is, when I connect to the IPs of the corporate
network: agent changes from default to corpnet and viceversa on an
unknown network. VPN profile works fine too when connecting to a
CheckPoint gateway through SecureClient R56.

My only issue (and I wonder if somebody else has ever seen this type of
behaviour) is that sometimes whilst on the corpnet profile, the agent
switches its profile to default haphazardly. I can't associate what is
triggering this. Could you please help me out in this? Otherwise

I must say this is a brilliant product!

Regards,
Gilbert

==========================================================

This email is intended only for the use of the individual to whom it is
addressed. As it may contain confidential or privileged information, if
you are not a named addressee, intended recipient, or the person
responsible for delivering the message to the named addressee, be
advised that you have received this email in error and that you should
not disseminate, distribute, print, copy this mail or otherwise divulge
its contents. In such instances, please notify Vodafone Malta Limited on
telephone number +356 21482820 and delete this email from your system.  
Since this transmission was effected via email, Vodafone Malta Limited
cannot guarantee that it is secure or error-free as information could be
intercepted, corrupted, lost, destroyed, arrive late or incomplete, or
contain viruses. Vodafone Malta Limited does not accept liability for
any errors or omissions in the contents of this message which arise as a
result of email transmission.



_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.

_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx

The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.