Security Basics mailing list archives
RE: Checkpoint Firewall Configuration
From: "Hall, Spencer D" <shall () stvincentshealth com>
Date: Tue, 29 Jan 2008 14:38:22 -0500
If you have configured the firewall correctly you can report out of the Audit log which tracks administrative changes made to the configuration through the GUI. It will not check for changes made using cpconfig. Spencer D. Hall Sr. Technology Engineer/ISO Ascension Health - Southeast St. Vincent's - Jacksonville Office: 904-308-7029 Fax: 904-384-2036 Cell: 904-477-4660 Think before you print -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Andrea Gatta Sent: Tuesday, January 29, 2008 11:40 AM To: Hall, Spencer D; global.infosec () gmail com Cc: security-basics () securityfocus com Subject: Re: Checkpoint Firewall Configuration Hi, I guess that there are at least two ways to do that: - use the database revision control from the GUI. Bear in mind that this need to be maintained. Then you can simply work out main difference between one revision and another - use a script or anyway a batch procedure to check all the relevant files under $FWDIR/conf just to start. Here are stored all the critical files starting from global objects, users databases ad firewall policies. I'm quite sure there are some tools out in the wild that can help you out on this. Take into account that, depending on the way you deployed the firewall architecture(stand alone or distributed), you might need to make same checks on both management and firewall node side Cheers, Andrea On 29 Jan 2008 06:04:25 -0000, <global.infosec () gmail com> wrote:
We are in the process of auditing our Checkpoint confifuration. We need to capture the configuration details of the Firewall. The objective is to identify if any changes have occured to the configuration at any point of time. How do we capture the firewall configuration for Audit purpose? Thanks.
CONFIDENTIALITY NOTICE: This email message and any accompanying data or files is confidential and may contain privileged information intended only for the named recipient(s). If you are not the intended recipient(s), you are hereby notified that the dissemination, distribution, and or copying of this message is strictly prohibited. If you receive this message in error, or are not the named recipient(s), please notify the sender at the email address above, delete this email from your computer, and destroy any copies in any form immediately. Receipt by anyone other than the named recipient(s) is not a waiver of any attorney-client, work product, or other applicable privilege.
Current thread:
- Checkpoint Firewall Configuration global . infosec (Jan 29)
- Re: Checkpoint Firewall Configuration Andrea Gatta (Jan 29)
- RE: Checkpoint Firewall Configuration Hall, Spencer D (Jan 29)
- Re: Checkpoint Firewall Configuration Jason Thompson (Jan 29)
- Re: Checkpoint Firewall Configuration Louise Forrest (Jan 29)
- Re: Checkpoint Firewall Configuration Jurgen Vermeulen (Jan 30)
- RE: Checkpoint Firewall Configuration Dieter Sarrazyn (Jan 30)
- Re: Checkpoint Firewall Configuration c0unter14 (Jan 31)
- <Possible follow-ups>
- Re: RE: Checkpoint Firewall Configuration bill (Jan 30)
- Checkpoint Firewall Configuration David Glosser (Jan 30)
- Re: Checkpoint Firewall Configuration Andrea Gatta (Jan 29)