[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] eSafe CVP Servers
Chris, I ran Websense on the same machine, togehter with ESafe. I had nothing but troubles. Nothing against Websense. Afterwards, I reinstalled the machine from scratch, with all the patches for the required hardware. It worked fine until once I forgot my Netscape broswer up and running on the machine. >From that moment it ran about two more days and then the machine hanged. The lesson I learnt was that I should never run any program than esafe on that machine. Hope this helps a bit. I suggest you start with a clean reinstall of OS, then eSafe, enable STMP if it works and only afterwards enable FTP. That's all I would do. YOurs, Cristian Chris F wrote: > > Hi Cristian, > > Thank you for your reply. > > I only use my eSafe for SMTP and FTP AV. If/when I use > the HTTP scrubbing -- it works for a few hours, then > it stops all HTTP traffic (looses connectivity with > the firewall). To much of a pain. It's really too bad > -- I wish it worked. > > I have bugged eSafe for help -- but so far, no > resolution. eSafe gave me the run-around, and I > finally gave up. Other have complained about the same > problem. I'll probably go with Norton once my eSafe > license expires. > > This is my config: > > Dedicated full T1 Internet access > FW1 v4.1 SP2 on Solaris 2.6 143MHz Usparc 320MB RAM > > eSafe v2.1/99 on NT4.0 Server (SP5) PI 233 256MB RAM > Websense v3.11 also on this NT4.0 server, which is > only a PC clone. HDDs are UW SCSI drives. IDE is evil! > > The NT box and firewall are connected to a Cisco > switch. Firewall is forced at 10/HDX -- while the NT > has a SMC NIC running at 100/FDX (also forced to > 100/FDX. Force everything -- don't auto neg, according > to Cisco). We've had problems with 3COM cards. We > don't use them anymore. We've had good experiences > with Intel NICs. Anyway... > > My switch connection status between NT and firewall is > the cleanest on our network. > > The only tips I have for eSafe are: > > - Per: eSafe README, comment out the "auth_opsec" > 18182 line in $FWDIR/conf/fwopsec.conf > Or, something like that. See the readme file. I > forget. > > - Use "Low Security" in defeat timeout in eSafe > configuration > > - streamline your FW1 rules. Make them simple, ordered > with most used at the top. > > That's about all I can think of. Hope this helps! > > -- Chris > > --- Cristian Nicolae <[email protected]> > wrote: > > Hi Chris, > > I am using the same version as you do. It runns on a > > NT Server OS. > > As I said, I did not enable the HTTP content > > scanning because of the > > performance reasons. > > Just to give you an idea, I have a 1 Mbps connection > > to the Internet and > > as soon as I > > enabled HTTP scanning my access became as fast as I > > was using a 128 kbps > > line. Of course, I do not pretend that these figures > > are exact, but the > > machine was getting on its knees with that. > > My firewall is a Nokia IP650 4.1 SP2. > > Although I am not an NT expert, I am inclined to say > > that NT can hardly > > be tuned when there is a performance bottleneck. > > > > My idea is to take another product running on a > > UNIX/Linux platform for > > this kind of thing. > > I would gladly consider FreeBSD but there are not > > too many products of > > this sort running on FreeBSD. > > One other option is to take the biggest and the > > greatest Intel box an > > put NT on it. > > Any experience with this issue is greatly > > appreciated. > > Cristian > > > > > > Chris F wrote: > > > > > > Cristain, > > > > > > I use eSafe as well. I have trouble using it to > > scrub > > > HTTP. After some time, the connectivity between > > the > > > eSafe server and the firewall dies (as if eSafe > > can't > > > keep up). > > > > > > I have other issues with FTP scanning. Others have > > > mentioned the same. > > > > > > I'm running eSafe v2.1/99 on NT4.0 SP5 > > > FW-1 v4.1 SP2 on Solaris 2.6 > > > > > > What versions of eSafe and OSes are you at? > > > > > > Thanks -- Chris > > > > > > --- Cristian Nicolae <[email protected]> > > > wrote: > > > > > > > > Hi, > > > > I have been using eSafe sucessfully. In a > > network > > > > with 450 users > > > > I've been running eSafe on a Compaq Professional > > > > Workstation AP500 with > > > > 128 MB RAM. > > > > My opinion is that SMTP scanning works very well > > if > > > > one is running not > > > > but eSafe on that machine. > > > > On the other hand, enabling the HTTP and FTP > > > > scanning decreased > > > > significantly the access speed. > > > > I would be curious to learn from other people > > > > experience. > > > > > > > > I understood that with FW-1 4.1 one can use more > > > > than once CVP server. > > > > I believe that when it comes to antivirus it is > > > > worth to have a cascaded > > > > setup with different products. > > > > > > > > I would be curious to know if anyone has been > > using > > > > TrenMicro on Linux > > > > with HTTP scanning enabled > > > > and if there any performance issues. > > > > > > > > Cristian > > > > > > > > > > > > > > > > > > > > > > > > Ed Davidson wrote: > > > > > > > > > > I am looking at the various CVP servers for > > > > AntiVirus. I was wondering what > > > > > people are using and what you like. I have > > looked > > > > at eSafe's, Trend > > > > > Micro's, and Nortons. It seemed that eSafes > > had > > > > the nicest feature set, > > > > > but I couldn't get it to work stable. Nortons > > was > > > > the most stable and > > > > > easiest to use. > > > > > > > > > > What are your opinions? > > > > > > > > > > Thank you. > > > > > > > > > > Edwin Davidson. > > > > > > > > > > > > > > > > > > ================================================================================ > > > > To unsubscribe from this mailing list, > > please > > > > see the instructions at > > > > > > > > http://www.checkpoint.com/services/mailing.html > > > > > > > > > > ================================================================================ > > > > > > __________________________________________________ > > > Do You Yahoo!? > > > Send instant messages & get email alerts with > > Yahoo! Messenger. > > > http://im.yahoo.com/ > > > > > > > > > ================================================================================ > > > To unsubscribe from this mailing list, please > > see the instructions at > > > > > http://www.checkpoint.com/services/mailing.html > > > > ================================================================================ > > __________________________________________________ > Do You Yahoo!? > Send instant messages & get email alerts with Yahoo! Messenger. > http://im.yahoo.com/ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|