[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] FW1 SP2 on NT4, no service helper
Isn't that the point of the "control IP forwarding" option specified during setup (can also be modified afterwards using the configuration GUI)? Or are you saying that it doesn't work? Dan Hitchcock CCNA, MCSE Network Engineer Xylo, Inc. (formerly employeesavings.com)The work/life solution for corporate thought leaders -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Tuesday, September 19, 2000 12:48 PM To: [email protected] Subject: [FW1] FW1 SP2 on NT4, no service helper I am sure that many of you that are using NT4 have run into this problem... FW1 services on NT do not control routing, the operating system does. When (not if) a FW1 service fails, it will no longer filter packets and it will route between interfaces and also allow direct access to the firewall itself. So thats a good reason to harden the firewall itself as much as possible, however I would like to setup some local monitoring of the services running on the firewall and if a given service fails, attempt recovery of the service and after some interval shutdown the server. I don't want to use perl because I don't feel having this tool installed on the firewall is a good idea. (perhaps perl2exe). I also don't want to use 3rd party products like NTManage, Hyena or whatever...I was kind of hoping someone had coded a Win32 app that acts as a service helper for FW1. One problem appears that each service/process spawned has same name "FW.EXE", so you will have to rely on service control manager to accurately report status of service. (sometimes the SCM is hosed as well as the service) In addition, what kind of file system auditing works best? Anyone familiar with tripwire might be using similar product on NT such as Intact. I haven't set this up yet, I was wondering if anyone learned any lessons here... ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|