Hi All,

My fw send me the audit log below via e-mail 200-500 per day.

what could be the cause for this error?

Thanks for the supports..

For a complete listing of the events that triggered this alarm please execute the following command (All on one line):

___BEGIN_CMD___

acat -a -e "type AUDIT_T_CFG_CHANGE

and stime 20081215093300 and etime 20081215093300" /var/log/audit.raw ___END_CMD___

Note: Due to rounding error and network traffic patterns, the above command

      may produce more events than were included in this alarm.

The following are the last 1 events seen:

Dec 15 09:33:00 2008 EET  f_system a_general_area t_cfg_change p_major

pid: 10502 ruid: 0 euid: 0 pgid: 10501 fid: 0 logid: 0 cmd: 'cf'

domain: CARW edomain: CARW hostname: fw.local admin: root

information: Branch  locked by user root

Hi

I am trying to find information on the maximum route table entry/size
for a sidewinder 2150e running v7.  Looking to run OSPF with approx
2000 routes.

Secure Computing has only said there is no Hard Cap but I haven't been
able to get anymore information other than that.

Any help would be appreciated.

Hello,

This email message is a notification to let you know that
a file has been uploaded to the Files area of the sidewinder-users
group.

   File        : /Scripts/sef-parser-beta1.pl.gz.uu
   Uploaded by : ace5657388 <ace5657388@...>
   Description : Perl BETA script to parse SEF remote syslog events

You can access this file at the URL:
http://groups.yahoo.com/group/sidewinder-users/files/Scripts/sef-parser-beta1.pl\
.gz.uu

To learn more about file sharing for your group, please visit:
http://help.yahoo.com/l/us/yahoo/groups/original/members/web/index.htmlfiles

Regards,

ace5657388 <ace5657388@...>

Don't forget "cf nss"
This gives you all of the server and ipfilter information as well.

I believe that in Sidewinder 7 "cf acl q" has been replaced with "cf policy q" as well.

I am looking for a way to get the policies (firewall/vpn rules or more)
out of the box to do offline analysis. Is there any way to get those --
like saving to a file or accessing from database if they are maining in
db or any other way I did not think of.. CheckPoint supports CMPI
connection to get the firewall policies out of the box for further
analysis or reporting. I am looking for similar ways for Sidewinder
also. Does any one done any similar work before.. please let me know
new ways to do this...

Thanks & Regards,

Sridhar P



------------------------------------

Yahoo! Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/sidewinder-users/

<*> Your email settings:
Individual Email | Traditional

<*> To change settings online go to:
http://groups.yahoo.com/group/sidewinder-users/join
(Yahoo! ID required)

<*> To change settings via email:
mailto:sidewinder-users-digest@yahoogroups.com
mailto:sidewinder-users-fullfeatured@yahoogroups.com

<*> To unsubscribe from this group, send an email to:
sidewinder-users-unsubscribe@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/

I am looking for a way to get the policies (firewall/vpn rules or more)
out of the box to do offline analysis. Is there any way to get those --
like saving to a file or accessing from database if they are maining in
db or any other way I did not think of.. CheckPoint supports CMPI
connection to get the firewall policies out of the box for further
analysis or reporting. I am looking for similar ways for Sidewinder
also. Does any one done any similar work before.. please let me know
new ways to do this...

Thanks & Regards,

Sridhar P

Sidewinder 4.0 had Xeyes.


--- In sidewinder-users@yahoogroups.com, "K K" <kkadow@...> wrote:
>
> On 2/3/08, Justin Beeler (JBEELER.COM) <justin@...> wrote:
> > Scott is there any plan on a web interface for the Sidewinder GUI?
> > or are you guys sticking with a strickly Winblowz interface?
>
> Personally, I'm not a fan of web-based firewall management.
>
> OTOH, I miss the old X cobra client.
>
>
> Kevin
>

hi scott,
thanks for you answer.

--- In sidewinder-users@yahoogroups.com, Scott Montgomery
<scottyva@...> wrote:
>
> No IPX support is available on any Sidewinder appliance of any
version.
>
> S
>
> fakhruddin_seth <fakhruddin_seth@...>
wrote: Hi Guys,
> Can any one share info about IPX support in Sidewinder 4150 G2
> Appliance, is it available or not?
> thanks in advance.
>
>
>
>
>
>
> ---------------------------------
> Looking for last minute shopping deals? Find them fast with Yahoo!
Search.
>

hi scott,
thanks for you answer.


--- In sidewinder-users@yahoogroups.com, Scott Montgomery
<scottyva@...> wrote:
>
> No IPX support is available on any Sidewinder appliance of any
version.
>
> S
>
> fakhruddin_seth <fakhruddin_seth@...>
wrote:                               Hi Guys,
>  Can any one share info about IPX support in Sidewinder 4150 G2
>  Appliance, is it available or not?
>  thanks in advance.
>
>
>
>
>
>
> ---------------------------------
> Looking for last minute shopping deals?  Find them fast with Yahoo!
Search.
>

On 2/3/08, Justin Beeler (JBEELER.COM) <justin@...> wrote:
> Scott is there any plan on a web interface for the Sidewinder GUI?
> or are you guys sticking with a strickly Winblowz interface?

Personally, I'm not a fan of web-based firewall management.

OTOH, I miss the old X cobra client.


Kevin

No IPX support is available on any Sidewinder appliance of any version.

S

fakhruddin_seth <fakhruddin_seth@yahoo.co.in> wrote:

Hi Guys,
Can any one share info about IPX support in Sidewinder 4150 G2
Appliance, is it available or not?
thanks in advance.

---

Looking for last minute shopping deals? Find them fast with Yahoo! Search.

-- ----------------------------------------------------------------------
Justin Beeler (JBEELER.COM)
Website URL: http://www.jbeeler.com
- UNIX IS user friendly.....it's just picky about who it chooses to be friends with.
"The day Microsoft makes something that doesn't suck is probably the day they start making vacuum cleaners." -Ernst Jan Plugge.
----------------------------------------------------------------------

Hi Guys,
Can any one share info about IPX support in Sidewinder 4150 G2
Appliance, is it available or not?
thanks in advance.

Hi Guys,
Can any one share info about IPX support in Sidewinder 4150 G2
Appliance, is it available or not?
thanks in advance.

Sometime ago after an upgrade to Sidewinder G2 the Citrix proxy no longer worked properly, and we had to improvise with a with a generic TCP proxy and UDP filter to allow the traffic to pass properly. 

Has the Citrix proxy been fixed?  Does it now work properly for both the TCP and UDP connections?

        Thanks,
        Frank

Sometime ago after an upgrade to Sidewinder G2 the Citrix proxy no longer worked properly, and we had to improvise with a with a generic TCP proxy and UDP filter to allow the traffic to pass properly. 

Has the Citrix proxy been fixed?  Does it now work properly for both the TCP and UDP connections?

        Thanks,
        Frank

I missed the part in the crontab man page the you need to escape the
% with a \ so now it works.

Mike


-- In sidewinder-users@yahoogroups.com, "Mike" <ramses_the_1st@...>
wrote:
>
> I am trying to get a cron job going to do a config backup of my EM
> server and I am running into a strange issue. Here is the beginning
of
> the command:
>
> /usr/sbin/cf config backup loc=remote filename=fwbackup`date +%y%m%
d`
> directory=/data/fwbackup/
>
> The job will run just fine from the command line, but when run from
> cron it blows up using the date function. The cron log looks like
this:
>
> /usr/sbin/cf config backup loc=remote filename=fwbackup`date +)
>
> Is there a know issue with using the date function in cron? It just
> seems odd that it will work from the cli but not in cron.
>
> Mike
>

I am trying to get a cron job going to do a config backup of my EM
server and I am running into a strange issue. Here is the beginning of
the command:

/usr/sbin/cf config backup loc=remote filename=fwbackup`date +%y%m%d`
directory=/data/fwbackup/

The job will run just fine from the command line, but when run from
cron it blows up using the date function. The cron log looks like this:

/usr/sbin/cf config backup loc=remote filename=fwbackup`date +)

Is there a know issue with using the date function in cron? It just
seems odd that it will work from the cli but not in cron.

Mike

tcpdump -npi [ifname, exp0 for example] -X -s220

You can throw other parameters in such as:

host 100.2.3.4 and port 80

There are some other commands that you can use to
filter it down to a specific stream as well if that
isn't good enough.

If I am looking for something specific, I will
redirect it to a file with:

> /home/dump.txt

for example and then grep for whatever I am looking
for.

- F

--- Eric Pancer <epancer@gmail.com> wrote:

> On 10/26/07, Matthew <matthew.harvey@usdoj.gov>
> wrote:
>
> > Does anyone know how to perform a packet-level
> capture on an interface
> > on a G2? To create a PCAP or similar file, that
> is.
>
> This is pretty easy. You can use tcpdump to monitor
> interfaces.
>
> Just `man tcpdump`.
>

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

tcpdump -npi [ifname, exp0 for example] -X -s220

You can throw other parameters in such as:

host 100.2.3.4 and port 80

There are some other commands that you can use to
filter it down to a specific stream as well if that
isn't good enough.

If I am looking for something specific, I will
redirect it to a file with:

  > /home/dump.txt

for example and then grep for whatever I am looking
for.

   - F



--- Eric Pancer <epancer@...> wrote:

> On 10/26/07, Matthew <matthew.harvey@...>
> wrote:
>
> > Does anyone know how to perform a packet-level
> capture on an interface
> >  on a G2? To create a PCAP or similar file, that
> is.
>
> This is pretty easy. You can use tcpdump to monitor
> interfaces.
>
> Just `man tcpdump`.
>


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

As mentioned before, use tcpdump.  If you would like to write the
capture to a file, for viewing at a later time with tcpdump or
wireshark, simply use the -w flag.

On 10/26/07, Matthew <matthew.harvey@...> wrote:

> Does anyone know how to perform a packet-level capture on an interface
>  on a G2? To create a PCAP or similar file, that is.

This is pretty easy. You can use tcpdump to monitor interfaces.

Just `man tcpdump`.

Does anyone know how to perform a packet-level capture on an interface
on a G2? To create a PCAP or similar file, that is.

You can have up to 14 interfaces on the mid models and
go up to 26 on the big boxes.


Since the Sidewinder O.S. [secure o.s.] is extremely
locked down, all hardware drivers have to be added to
the O.S.  It's not like you can just add your own
drivers.

What this meant is that many, many, time someone would
buy a server that had components that were not on the
HCL.

What this meant was down time for the firewall and
also hours and hours of support calls to try and
troubleshoot problems for hours to track down a bad
nic card, etc.

With the appliance, all of that down time goes away
because you know it will just work.  I did an install
once and the server came with 3com 905-c's which were
not supported.  The model that did work was the 905-b,
which didn't have netbios blasts built into the nic.

Had to burn two days waiting for the right part to
show up.


--- Daniel Sichel <daniels@...> wrote:

> I have not yet seen version 7, but it sounds pretty
> good. I hear the GUI
> is or soon will be Java based which makes me
> hesitant,  Java always
> seems slow and kludgy with lots of annoying bugs in
> user interfaces.  I
> complained bitterly for years over the  PHP issues,
> and now in 6.1x they
> have it really well executed IMHO.   I do have one
> question, what is the
> maximum number of interfaces in one of their
> appliances? I have eight
> interfaces on my appliance, all in use, and it
> looks like I will soon
> be needing a ninth.  If they supported more
> interfaces that would be a
> compelling reason to upgrade.
>
>
>
> Thanks for all the comments about this.  I am not
> really sure how I feel
> about the end of life issue. On the one hand I
> understand Secure needs
> to generate revenue and control costs which dictates
> older issue
> equipment going end of  life, but on the other hand,
> this type of
> upgrade is expensive and disruptive, and  I wonder
> about what is owed
> the end user who drops tens of thousands of dollars
> into a firewall then
> pays support too. As I often have said, it's one
> thing when I pay $79
> bucks for an off the shelf device at Best Buy and
> call support, but
> totally another when I pay these prices.  This is
> why I WON"T USE
> SYMANTEC PRODUCTS.  I guess I feel like Secure
> support is generally
> very, very good but their product policies leave
> something to be
> desired. It's like Winston Churchill's description
> of democracy,
> "...It's the worst form of government in the world
> -except all the
> others."
>
>
>
> Daniel Sichel, CCNP, MCSE
>
> Network Engineer
>
> Ponderosa Telephone (559) 868-6367
>
>


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

I have not yet seen version 7, but it sounds pretty good. I hear the GUI is or soon will be Java based which makes me hesitant,  Java always seems slow and kludgy with lots of annoying bugs in user interfaces.  I complained bitterly for years over the  PHP issues, and now in 6.1x they have it really well executed IMHO.   I do have one question, what is the maximum number of interfaces in one of their appliances? I have eight interfaces on my appliance, all in use, and it  looks like I will soon be needing a ninth.  If they supported more interfaces that would be a compelling reason to upgrade.

 

Thanks for all the comments about this.  I am not really sure how I feel about the end of life issue. On the one hand I understand Secure needs to generate revenue and control costs which dictates older issue equipment going end of  life, but on the other hand, this type of upgrade is expensive and disruptive, and  I wonder about what is owed the end user who drops tens of thousands of dollars into a firewall then pays support too. As I often have said, it’s one thing when I pay $79 bucks for an off the shelf device at Best Buy and call support, but totally another when I pay these prices.  This is why I WON”T USE SYMANTEC PRODUCTS.  I guess I feel like Secure support is generally very, very good but their product policies leave something to be desired. It’s like Winston Churchill’s description of democracy, “…It’s the worst form of government in the world –except all the others.”

 

Daniel Sichel, CCNP, MCSE

Network Engineer

Ponderosa Telephone (559) 868-6367

Dan,

Have you seen Sidewinder v. 7?  That is what's running on the new
appliances.  The single panel rule screen is awesome and your proxies
and ip filters are all in a single rule set.  Also, you do not have
to run and turn a proxy on before making the acl.  Simply creating
the rule opens the proxy/server that you trying to control.

  - F







--- In sidewinder-users@yahoogroups.com, "Justin Beeler
(JBEELER.COM)" <justin@...> wrote:
>
> Dan,
>
> Stick with 6.1.2x and your current server(s).  If what you have
works
> for you then stick with it!  Since a Sidewinder has "never been
> breached" then you have nothing to worry about.  Of course you
won't be
> able to get upgrades or anything, but you'll still be very well
> protected.  The 6.1.2.x platform is very stable, very reliable, and
very
> secure.  The old saying "if it ain't broke, don't fix it" comes to
> mind.  I'm sure SCC will dislike my response, but it is what it is
my
> friend.  I know of several Sidewinder 5.x boxes and even Gauntlet
5.x
> and 6.0 boxes still alive, well, and doing a very good job at
security.
>
> Justin Beeler
>
> Scott Montgomery wrote:
> > Hi, Dan:
> >
> > Unfortunately there are only two real options here today.  One is
to
> > run without support, but I can't really advise it.  The kb, phone
> > support, upgrade discounts, access to patches and updated
versions,
> > etc is tied to a current support agreement.  The other is a
migration
> > to a newer appliance.  The cost is far less than list price on
the
> > appropriately sized appliance (we basically give you some
hardware
> > credit for your existing device).
> >
> > We are exploring the viability of a VMWare-enabled appliance
version
> > (basically a 'software appliance' on a CD), but it's more a
research
> > project right now than anything else.  There's no commitment to a
> > delivery yet, and I have no idea what
pricing/SKU/warranty/details
> > might be like.  It's basically just something we're noodling on.
> >
> > If you're happy with the Sidewinders I'd talk to sales about the
> > migration/upgrade costs - it's the best way to stay plugged into
new
> > versions and features as well as support.
> >
> > Scott
> > scott_montgomery@...
> > <mailto:scott_montgomery@...>
> >
> >
> >
> >
> >
> > */flitcraft66 <daniels@...>/* wrote:
> >
> >     I have a pair of Sidwewinder 250 appliances (really they are
Dell
> >     servers with a Secure Computing ROM) that aren't supported
for 7.0.
> >     So, I am wondering what the future is. These appliances are
more than
> >     adequate for our needs for the indefinite future and I would
hate to
> >     have to retire them in 2009. So, I am wondering if somebody
from
> >     product development or marketing could let us know what to
expect.
> >
> >     Thanks
> >
> >     Dan Sichel
> >
> >
> > ------------------------------------------------------------------
------
> > Shape Yahoo! in your own image. Join our Network Research Panel
today!
> >
<http://us.rd.yahoo.com/evt=48517/*http://surveylink.yahoo.com/gmrs/ya
hoo_panel_invite.asp?a=7>
> >
> >
>
> --
> --------------------------------------------------------------------
--
> Justin Beeler (JBEELER.COM)
> Website URL: http://www.jbeeler.com
>
> - UNIX IS user friendly.....it's just picky about who it
> chooses to be friends with.
>
> "The day Microsoft makes something that doesn't suck is probably
> the day they start making vacuum cleaners." -Ernst Jan Plugge.
>
> --------------------------------------------------------------------
--
>

Hi, Dan:

 

Unfortunately there are only two real options here today.  One is to run without support, but I can't really advise it.  The kb, phone support, upgrade discounts, access to patches and updated versions, etc is tied to a current support agreement.  The other is a migration to a newer appliance.  The cost is far less than list price on the appropriately sized appliance (we basically give you some hardware credit for your existing device).

 

We are exploring the viability of a VMWare-enabled appliance version (basically a 'software appliance' on a CD), but it's more a research project right now than anything else.  There's no commitment to a delivery yet, and I have no idea what pricing/SKU/warranty/details might be like.  It's basically just something we're noodling on.

 

If you're happy with the Sidewinders I'd talk to sales about the migration/upgrade costs - it's the best way to stay plugged into new versions and features as well as support.

 

Scott

scott_montgomery@securecomputing.com

 

 

 

flitcraft66 <daniels@ponderosatel.com> wrote:

I have a pair of Sidwewinder 250 appliances (really they are Dell
servers with a Secure Computing ROM) that aren't supported for 7.0.
So, I am wondering what the future is. These appliances are more than
adequate for our needs for the indefinite future and I would hate to
have to retire them in 2009. So, I am wondering if somebody from
product development or marketing could let us know what to expect.

Thanks

Dan Sichel

---

Shape Yahoo! in your own image. Join our Network Research Panel today!

-- ----------------------------------------------------------------------
Justin Beeler (JBEELER.COM)
Website URL: http://www.jbeeler.com
- UNIX IS user friendly.....it's just picky about who it chooses to be friends with.
"The day Microsoft makes something that doesn't suck is probably the day they start making vacuum cleaners." -Ernst Jan Plugge.
----------------------------------------------------------------------

I have a pair of Sidwewinder 250 appliances (really they are Dell
servers with a Secure Computing ROM) that aren't supported for 7.0.
So, I am wondering what the future is. These appliances are more than
adequate for our needs for the indefinite future and I would hate to
have to retire them in 2009. So, I am wondering if somebody from
product development or marketing could let us know what to expect.

Thanks

Dan Sichel