Firewall Wizards (firewall-wizards) Mailing List

Re: Coding a custom firewall manager for multiple firewall brands. Feasible?

Thu, 2 Jul 2009 17:17:27 -0500

Posted by Marcin Antkiewicz on Jul 2

> I just want to know whether the task (interfacing part) is do-able or not.
> The brands of firewalls that I'm handling are checkpoint and sidewinder 7. I
> don't mind coding out all the stuff but i really have limited product
> knowledge. Really appreciate any advise or help out...

Re: Coding a custom firewall manager for multiple firewall brands. Feasible?

Wed, 1 Jul 2009 08:23:07 -0700 (PDT)

Posted by plopz on Jul 1

Thank you guys for all your responses.

I kinda feel the same as david about commercial firewall management tools.
There also a lot of trouble and fuss to bring and use external software into
our corporate network. That's the main reason why the fw people are still
using manual data entry into...

Re: Coding a custom firewall manager for multiple firewall brands. Feasible?

Wed, 1 Jul 2009 00:54:58 -0500

Posted by Marcin Antkiewicz on Jul 1

> I'd just recently got an extra job role as a firewall administrator and I'm
> faced with a network that consists of multitudes of firewall brands (nokia,
> sidewinder etc. ) bulging with almost 3000+ rules. The networks are also
> segmented and structured in such a way that...

Re: Coding a custom firewall manager for multiple firewall brands. Feasible?

Tue, 30 Jun 2009 21:40:14 -0500

Posted by K K on Jun 30

Check out Matasano's "Playbook":
http://runplaybook.com/

I tried it about a year ago, was impressed.

Kevin

On 6/30/09, plopz <minggyang_at_gmail.com> wrote:
>
> Hi everyone,
>
> I'd just recently got an extra job role as a firewall administrator and I'm
...

Coding a custom firewall manager for multiple firewall brands. Feasible?

Tue, 30 Jun 2009 09:52:56 -0700 (PDT)

Posted by plopz on Jun 30

Hi everyone,

I'd just recently got an extra job role as a firewall administrator and I'm
faced with a network that consists of multitudes of firewall brands (nokia,
sidewinder etc. ) bulging with almost 3000+ rules. The networks are also
segmented and structured in such a way that adding a...

Re: firewall-wizards Digest, Vol 38, Issue 11

Fri, 26 Jun 2009 08:38:24 +0200

Posted by pkc_mls on Jun 26

Paul Hutchings a écrit :
> I have split tunnelling disabled, but being frank my low level
> knowledge of TCP/IP isn't sufficient to know if it's sufficient
> mitigation for lack of a software firewall.
>
> Frustratingly, the Juniper Host Checker comes with a firewall but you...

Re: Pix 520 tunnels

Wed, 24 Jun 2009 07:47:36 -0400

Posted by Paul Melson on Jun 24

On Tue, Jun 23, 2009 at 12:08 PM, Halchishak, John<jhalchishak_at_ciber.com> wrote:
> We have two pix (actually three, one failover) 520s that Im trying to setup
> multiple tunnels. The two office locations have a tunnel up between them
> with 2 peer address on the main end...

Re: Pix 520 tunnels

Wed, 24 Jun 2009 09:24:34 +0300

Posted by Farrukh Haroon on Jun 24

Hello John

You need to make sure that the dynamic crypto map entry is higher than the
static crypto map(s).

Please have a look at the below link:

http://supportwiki.cisco.com/ViewWiki/index.php/How_to_configure_Site-to-Site_VPN_client_connection_on_the_same_PIX

Regards

Farrukh
On Tue, Jun...

Re: firewall-wizards Digest, Vol 38, Issue 11

Tue, 23 Jun 2009 17:54:16 +0100

Posted by Paul Hutchings on Jun 23

I have split tunnelling disabled, but being frank my low level
knowledge of TCP/IP isn't sufficient to know if it's sufficient
mitigation for lack of a software firewall.

Frustratingly, the Juniper Host Checker comes with a firewall but you
need admin rights simply to enable/disable...

Pix 520 tunnels

Tue, 23 Jun 2009 09:08:48 -0700

Posted by Halchishak John on Jun 23

We have two pix (actually three, one failover) 520s that I'm trying to
setup multiple tunnels. The two office locations have a tunnel up
between them with 2 peer address on the main end and a single on the
other. We have need to establish other tunnels at various times to
clients. I can't...

Re: VPN and XP Firewall GPO settings

Tue, 23 Jun 2009 06:54:13 -0400

Posted by Chris Hughes on Jun 23

I'm with Victor disable split tunneling. I used to have connectivity issues
using Juniper network connect vpn with no split-tunneling. Very poor
implementation. Certain drivers used by the clients was causing repeated
connection resets and disaster seemed imminent during rollout. Juniper...

Re: Cisco AnyConnect Remote Access to L2L tunnels

Mon, 22 Jun 2009 20:52:44 -0400

Posted by Todd Simons on Jun 22

Adding the dynamic NAT on the outside interface fixed it! Thanks!

From: firewall-wizards-bounces_at_listserv.icsalabs.com
[mailto:firewall-wizards-bounces_at_listserv.icsalabs.com] On Behalf Of
Eric Gearhart
Sent: Friday, June 19, 2009 7:13 PM
To: Firewall Wizards Security...

Re: VPN and XP Firewall GPO settings

Mon, 22 Jun 2009 13:16:50 -0500

Posted by Victor Williams on Jun 22

Isn't the catch-all to just leave it on all the time? What is the value of not having it on if the laptop is connected to your immediate network?

I leave ours on all the time. We don't allow workstations/laptops to share files or printers...all that is handled on our servers. So, it works...

Re: firewall-wizards Digest, Vol 38, Issue 11

Mon, 22 Jun 2009 19:42:19 +0000 (UTC)

Posted by rjdriscoll_at_comcast.net on Jun 22

Are you allowing split tunneling? I have worked at companies that have disabled split tunneling, which in effect turned off routing except
through the VPN server. We then would check for things like current AV def's and patch compliance.

----- Original Message -----
From:...

Re: VPN and XP Firewall GPO settings

Mon, 22 Jun 2009 17:19:18 +0100

Posted by Paul Hutchings on Jun 22

Sorry, I may have explained badly so just to clarify:

Our default GPO is set to enable the XP Firewall when the laptops are
on "Standard Profile" and disable it when using "Domain
Profile" (going from "netsh firewall show currentprofile").

What seems to...