Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] services/ports used from management station to fw1

To: [email protected]
Subject: Re: [FW-1] services/ports used from management station to fw1
From: Sadir Al-khafaji <[email protected]>
Date: Thu, 15 Aug 2002 11:25:12 +0200
Organization: GIS
References: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>
User-agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.0rc2) Gecko/20020512 Netscape/7.0b1

Björn Sjöholm wrote:

Hello,

I run a Checkpoint Firewall-1 NG FP2 och Solaris/Sparc.

I have a couple of questions regarding the communication between
the management station (cm) and a fw-1 firewall.

- Which is the minimal set of TCP ports used for communication between
the management station and a firewall-1 host?

You can check that in $FWDIR/lib/services.def


- Why is the services FW1_ica_pull/18210, FW1_ica_push/18211 and
FW1_ica_services/18264 included in the default FireWall-1 Service Group?

Because it is an Internal CA and it has to check certs periodiclly to
intiaite SIC otherwise the entire
SIC will fail and you cannot connect the management to the firewall


- Why is FW1_ica_service/18264 open to the outside world via
"Rule 0", and how do I shut it off? The rule is not shown using
"View/Implied Rules".

It is an ldap i don't think you can close it if not from
dbedit properties firewall_properties check it out.

or you can just try to play with
$CPSHARED/5.0/conf/sic/sic_policy.conf Not recommended by CHECKPOINT but
you can give it a shot

/// Sadir

Sincerely,

Björn

--
Björn Sjöholm             <[email protected]>
Europoint Networking AB   www.europoint.se

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================


=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

References:
- [FW-1] services/ports used from management station to fw1
  - From: Björn Sjöholm <[email protected]>

Prev by Date: [FW-1] Firewall ng-fp2 error
Next by Date: Re: [FW-1] How to make a rule to allow telnet to the firewall?
Previous by thread: [FW-1] services/ports used from management station to fw1
Next by thread: Re: [FW-1] services/ports used from management station to fw1
Index(es):
- Date
- Thread