Ronald,
SAM stands for Suspicious Activity Monitoring
protocol. This is a normally a good thing however if you are using a third
party like Real Secure to write to an OPSEC response on the fly, it may quickly
get into a problem if your settings are not good or false positives. If
you don't have any third party software, you may want to review you SAM
settings.
To view the table of IP addresses currently
blocked by SAM, issue the following command: fw tab -t
sam_blocked_ips
Use the command 'fw sam -D' to "unblock" everyone that you may have blocked
with the Block Intruder function. Once you do this command, stay at the
logs and check any large ammount of drops from a specific source.
Hope this helps.
Simon Desmeules
----- Original Message -----
Sent: Monday, January 07, 2002 3:54
PM
Subject: [FW-1] Connections being reject
by Rule "SAM"
Hello Security
Professionals.
I have a single subnet whose users are being denied
Internet access. Upon checking the log viewer I see that http is being
rejected by rule "sam". What can I do to restore the connection. Also,
what does the acronym SAM stand for. I think its function is to block
connections before that are processed by the inspection engine. I know this by
virtue of there not being any actual rule number rejecting the connection.
Ronald T. Jacobs Time Warner Cable Senior Systems Engineer
101 Innovation Drive Suite 100 Morrisville, NC 27560
|