RE: [FW1] Heads UP! Service Object Change, Don't Do it...

You hit it right on the nose. This was something I did not know when I made the changes. I assumed (and we know what happens there) that it was no different than naming a user-defined object. Well, I guess that is why we have a group like this... to air out our mistakes from time to time. ;-)

Joseph L. Cosgriff
Carolina Power and Light
Firewall Administrator
Work:
Pager:
Cell:
[email protected]

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Tuesday, September 12, 2000 10:39 AM
To: Cosgriff, Joe
Cc: [email protected]
Subject: Re: [FW1] Heads UP! Service Object Change, Don't Do it...

I use this format for user-defined services but leave the built-in ones alone (probably a wise move by the sound of it!). Would be interesting to hear why a rename causes problems - perhaps they are referred to by their "well-known" port names in some lookup file? Effectively most 'sniffers' will show a service as smtp, ftp etc., and Checkpoint is expecting to handle it in a similar fashion? - i.e. the packet shows ftp type but your rule refers to ftp-21, which doesn't exist, so fw1 can't do anything with that rule. This is my best guess anyway - any other ideas out there?

Tim Higgins

"Cosgriff, Joe" <[email protected]>
Sent by: [email protected]
12/09/00 12:25
To: "'[email protected]'" <[email protected]>
cc:
Subject: [FW1] Heads UP! Service Object Change, Don't Do it...

I am not sure if anyone else has run into this problem, but I did in a big way last night. I am a little new to Checkpoint FW-1 and I also am trying to work through an inherited rule base that is 75+ rules. I am not trying to make an excuse, just inform you as to my reason for some changes I was making.

I was going through the rule base yesterday and making name changes to the services objects (i.e. if we had an object that was TCP based and doing something on a specific port, to make quick review of the rule base, I changed the object to read TCP-<port#>).

In my over-zealous attempt at simplification I also made the name change to all services, i.e. TCP-telnet by adding TCP-telnet-<port#>, and to the default objects. Again, this was done in the "Service Properties" window under the General - Name tab. All I added was the name <telnet-<port#>. No change was made to the Port number or the protocol type. The only thing that was added was the addition of the port # after the name.

This may sound confusing and let me tell you, it was very confusing trying to figure it out. I guess you are never to change the default service objects. Being new and having graduated the Checkpoint class, I do not remember anyone ever saying don't change the default objects. If anyone knows where this is documented, please let me know. If anyone is even thinking about changing the object, don't. I am not sure why a name change would affect the service, but apparently it does.

Hope this helps at least one person.

Joseph L. Cosgriff

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
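The thread ends with Tim's guess and no fix, so here is the check an administrator would want to run before (or after) editing service objects. This Python script is an added example, not from the thread and not Check Point's own code. It parses a CONSTRUCTED object listing that only approximates the ":key (value)" layout of FW-1's objects.C (an assumption, since the page shows no file format), compares every TCP/UDP service against an illustrative table of built-in names keyed by protocol and port, and flags entries that look like a renamed built-in (Joe's TCP-telnet-23 case) as well as service names referenced elsewhere that no longer resolve (Tim's "rule refers to ftp-21 which doesn't exist" case). SAMPLE_OBJECTS, BUILTIN_SERVICES and all function names are my own; the actual mechanism by which FW-1 depends on the built-in names is not established on this page, so the script only produces candidates for an administrator to review.

```python
"""Flag FW-1 service objects whose built-in name has been changed.

Added example, not from the mailing-list thread or from Check Point.
The object text below is CONSTRUCTED and only approximates objects.C's
":key (value)" layout; the built-in table is an illustrative subset.
"""
import re

# Constructed sample. Assumption: every attribute value is parenthesised and
# each service entry is ": (name ...)" under :services, as in objects.C.
SAMPLE_OBJECTS = """
(
  :services (
    : (ftp
      :type (tcp)
      :port (21)
      :protocol (ftp)
    )
    : (TCP-telnet-23
      :type (tcp)
      :port (23)
      :protocol (telnet)
    )
    : (smtp
      :type (tcp)
      :port (25)
      :protocol (smtp)
    )
    : (tcp-8443
      :type (tcp)
      :port (8443)
    )
  )
)
"""

# Illustrative subset of FW-1 built-in service names, keyed by (type, port).
BUILTIN_SERVICES = {
    ("tcp", 21): "ftp",
    ("tcp", 23): "telnet",
    ("tcp", 25): "smtp",
    ("tcp", 80): "http",
    ("udp", 53): "domain-udp",
}

# Tokens: parentheses, ":key" (possibly a bare ":"), or a bare atom.
_TOKEN = re.compile(r"\(|\)|:[A-Za-z_0-9]*|[^\s()]+")


def _parse_node(tokens, pos):
    """Parse '( ... )' starting at tokens[pos]; return (items, next_pos).

    items holds bare atoms (str) and (key, child_items) pairs for ':key (...)'.
    """
    if tokens[pos] != "(":
        raise ValueError("expected '(' at token %d" % pos)
    pos += 1
    items = []
    while tokens[pos] != ")":
        tok = tokens[pos]
        if tok.startswith(":"):
            child, pos = _parse_node(tokens, pos + 1)
            items.append((tok[1:], child))
        else:
            items.append(tok)
            pos += 1
    return items, pos + 1


def parse_objects(text):
    """Return the top-level item list of an objects.C-like document."""
    items, _ = _parse_node(_TOKEN.findall(text), 0)
    return items


def service_objects(items):
    """Return {name: {attr: value}} for every entry under ':services'."""
    result = {}
    for key, child in (i for i in items if isinstance(i, tuple)):
        if key != "services":
            continue
        for _, entry in (i for i in child if isinstance(i, tuple)):
            attrs = {}
            for item in entry[1:]:
                if isinstance(item, tuple):
                    k, v = item
                    attrs[k] = v[0] if len(v) == 1 else v
            result[entry[0]] = attrs
    return result


def renamed_builtins(services):
    """Return [(current_name, built_in_name)] for services that share a
    built-in's type and port but carry a different name."""
    findings = []
    for name, attrs in services.items():
        try:
            key = (attrs.get("type"), int(attrs["port"]))
        except (KeyError, ValueError):
            continue
        expected = BUILTIN_SERVICES.get(key)
        if expected and name != expected:
            findings.append((name, expected))
    return findings


def dangling_references(services, referenced_names):
    """Service names used by rules (or, per Tim Higgins' guess, by FW-1's
    own definitions) that no longer match any service object."""
    return sorted(set(referenced_names) - set(services))


if __name__ == "__main__":
    svc = service_objects(parse_objects(SAMPLE_OBJECTS))
    for current, expected in renamed_builtins(svc):
        print("renamed built-in: %s (was %s)" % (current, expected))
    # Constructed list of names a rule base might still reference by name.
    for name in dangling_references(svc, ["ftp", "telnet", "tcp-8443"]):
        print("reference to missing service: %s" % name)
```

Run against the constructed sample it reports TCP-telnet-23 as a renamed built-in (telnet) and telnet as a name that no longer resolves; user-defined tcp-8443 is left alone, which is the rule Tim follows.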