|
List Info
Thread: Bad Anti-Spoof Recovery
|
|
| Bad Anti-Spoof Recovery |
|
2006-07-24 19:51:14 |
I have an enforcement module that appears to have a
"bad"
policy installed. That is, it feels that traffic coming in
from the management server is spoofed. So how does one
install a corrected policy on this system? Obviously, you
cannot push a policy, but sometimes traffic originating from
the firewall itself gets through the anti-spoofing, so I
thought a,
# fw fetch <master>
Might work, but I no. So then I tried,
# fw ctl uninstall
To kill the anti-spoofing, but the fetches would still fail.
What is a procedure to "reaquire" a module that
has incorrectly
decided the management server is spoofing?
--
Crist J. Clark crist.clark globalstar.com
Globalstar Communications
(408) 933-4387
B¼information contained in this e-mail message is
confidential, intended only for the use of the individual or
entity named above. If the reader of this e-mail is not the
intended recipient, or the employee or agent responsible to
deliver it to the intended recipient, you are hereby
notified that any review, dissemination, distribution or
copying of this communication is strictly prohibited. If you
have received this e-mail in error, please contact
postmasterglobalstar.com
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
|
|
| Bad Anti-Spoof Recovery |
|
2006-07-24 20:29:52 |
> I have an enforcement module that appears to have a
"bad"
> policy installed. That is, it feels that traffic coming
in
> from the management server is spoofed.
Check your interfaces configuration in your FW-object,
make sure that all a-spoofing params are set correct
for each subnet.
>So how does one
> install a corrected policy on this system? Obviously,
you
> cannot push a policy, but sometimes traffic originating
from
> the firewall itself gets through the anti-spoofing, so
I
> thought a,
>
> # fw fetch <master>
>
> Might work, but no.
How does it fail then ? Error ?
>So then I tried,
>
> # fw ctl uninstall
>
> To kill the anti-spoofing, but the fetches would still
fail.
>
> What is a procedure to "reaquire" a module
that has incorrectly
> decided the management server is spoofing?
>
Subnet (interfaces) , should have the correct params set
w.r.t the
networks they connect too.
M.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
|
|
| Bad Anti-Spoof Recovery |
|
2006-07-24 21:12:47 |
fw unloadlocal , does SIC check out good? When you try to
install a policy what error(s) do you see. Are you getting
logs from this module?
-GS
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM]
On Behalf Of Crist Clark
Sent: Monday, July 24, 2006 3:51 PM
To: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Bad Anti-Spoof Recovery
I have an enforcement module that appears to have a
"bad"
policy installed. That is, it feels that traffic coming in
from the management server is spoofed. So how does one
install a corrected policy on this system? Obviously, you
cannot push a policy, but sometimes traffic originating from
the firewall itself gets through the anti-spoofing, so I
thought a,
# fw fetch <master>
Might work, but I no. So then I tried,
# fw ctl uninstall
To kill the anti-spoofing, but the fetches would still fail.
What is a procedure to "reaquire" a module that
has incorrectly
decided the management server is spoofing?
--
Crist J. Clark crist.clarkglobalstar.com
Globalstar Communications
(408) 933-4387
B¼information contained in this e-mail message is
confidential, intended only for the use of the individual or
entity named above. If the reader of this e-mail is not the
intended recipient, or the employee or agent responsible to
deliver it to the intended recipient, you are hereby
notified that any review, dissemination, distribution or
copying of this communication is strictly prohibited. If you
have received this e-mail in error, please contact
postmasterglobalstar.com
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
|
|
| Bad Anti-Spoof Recovery |
|
2006-07-24 22:13:11 |
Try giving "fwm unloadlocal" on the module and
then push policy from the
smartdashboard after modifying the anti-spoofing parameters.
Ramki
CCNA, CCSE-NGAI
Crist Clark wrote:
> I have an enforcement module that appears to have a
"bad"
> policy installed. That is, it feels that traffic coming
in
> from the management server is spoofed. So how does one
> install a corrected policy on this system? Obviously,
you
> cannot push a policy, but sometimes traffic originating
from
> the firewall itself gets through the anti-spoofing, so
I
> thought a,
>
> # fw fetch <master>
>
> Might work, but I no. So then I tried,
>
> # fw ctl uninstall
>
> To kill the anti-spoofing, but the fetches would still
fail.
>
> What is a procedure to "reaquire" a module
that has incorrectly
> decided the management server is spoofing?
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
|
|
| Bad Anti-Spoof Recovery |
|
2006-07-24 22:03:05 |
>>> On 7/24/2006 at 2:12 PM, Gary Scott
<gscottVIGILAR.COM> wrote:
> fw unloadlocal , does SIC check out good? When you try
to install a policy
> what error(s) do you see. Are you getting logs from
this module?
The SIC is/was fine. As for the errors, I was operating with
"remote
hands," i.e. someone at the remote site typing my
instructions and
reporting back responses over the phone. My notes and
recollections
are fuzzy on the exact errors. The system in question is no
longer on
the network (we had to fall back to the old configuration),
so I cannot
go reproduce the errors. I also restored the old
configuration with a
export_upgrade/import_upgrade on the management server, so
my old
borked configuration got wiped out.
But the mention of "unloadlocal" makes me think
that is my problem.
I was telling my helper "fw ctl uninstall" when
what I _meant_ was
"fw unloadlocal." When you do a "fw ctl
uninstall," I don't think
you can do any policy installations, which is why they
failed. If I
had been on the console, I probably would have caught it.
Damn remote
upgrades.
However, I'm still hoping for a sure-fire procedure to pull
a system
with a hosed policy back from its self-imposed isolation.
It'll
take me a day or two to get this simulated in a lab setup,
and I'd
like to reschedule another attempt to do this ASAP.
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM]
On Behalf Of Crist
> Clark
> Sent: Monday, July 24, 2006 3:51 PM
> To: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM
> Subject: [FW-1] Bad Anti-Spoof Recovery
>
> I have an enforcement module that appears to have a
"bad"
> policy installed. That is, it feels that traffic coming
in
> from the management server is spoofed. So how does one
> install a corrected policy on this system? Obviously,
you
> cannot push a policy, but sometimes traffic originating
from
> the firewall itself gets through the anti-spoofing, so
I
> thought a,
>
> # fw fetch <master>
>
> Might work, but I no. So then I tried,
>
> # fw ctl uninstall
>
> To kill the anti-spoofing, but the fetches would still
fail.
>
> What is a procedure to "reaquire" a module
that has incorrectly
> decided the management server is spoofing?
B¼information contained in this e-mail message is
confidential, intended only for the use of the individual or
entity named above. If the reader of this e-mail is not the
intended recipient, or the employee or agent responsible to
deliver it to the intended recipient, you are hereby
notified that any review, dissemination, distribution or
copying of this communication is strictly prohibited. If you
have received this e-mail in error, please contact
postmasterglobalstar.com
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
|
|
| AW: Bad Anti-Spoof Recovery |
|
2006-07-25 08:07:18 |
Have you tried fw unloadlocal ?
&/ hv
> -----Ursprüngliche Nachricht-----
> Von: Mailing list for discussion of Firewall-1
[mailto:FW-1-
> MAILINGLISTAMADEUS.US.CHECKPOINT.COM] Im Auftrag von
Ramki Security
> Gesendet: Dienstag, 25. Juli 2006 00:13
> An: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM
> Betreff: Re: [FW-1] Bad Anti-Spoof Recovery
>
> Try giving "fwm unloadlocal" on the module
and then push policy from the
> smartdashboard after modifying the anti-spoofing
parameters.
>
> Ramki
> CCNA, CCSE-NGAI
>
> Crist Clark wrote:
> > I have an enforcement module that appears to have
a "bad"
> > policy installed. That is, it feels that traffic
coming in
> > from the management server is spoofed. So how does
one
> > install a corrected policy on this system?
Obviously, you
> > cannot push a policy, but sometimes traffic
originating from
> > the firewall itself gets through the
anti-spoofing, so I
> > thought a,
> >
> > # fw fetch <master>
> >
> > Might work, but I no. So then I tried,
> >
> > # fw ctl uninstall
> >
> > To kill the anti-spoofing, but the fetches would
still fail.
> >
> > What is a procedure to "reaquire" a
module that has incorrectly
> > decided the management server is spoofing?
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERVamadeus.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http:
//www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-ownerts.checkpoint.com
> =================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
|
|
[1-6]
|
|