Firewall Wizards mailing list archives
RE: Router management with FW-1
From: Amirmadhi Foorood <Foorood.Amirmadhi () Columbia net>
Date: Mon, 5 Apr 1999 08:58:53 -0500
OSM 1.0 (Open System Management) from Checkpoint is the software that manages rules in Checkpoint firewall activated on 3COM routers. OSM initially uses SNMP to communicate with the 3COM router and then actually uses a scripted telnet session to download the rules onto the routers.

Presently, there is a limitation in the 3COM router code, which does not accept more than about 7 Kb of script. This translates to about 140 firewall rules that can be pushed to the 3COM router (even on the latest hardware and latest rev. code). Note that the number of rules is not the same as the number of rules in the FW-1 Security Policy GUI table. For a given rule, the number of actual rules is determined by the following:

(# of Source) x (# of Destination) x (# of Services) = Actual # of rules

If you are interested in FW-1 on 3COM routers and you think that you might need more than 140 rules (as described above), check with 3COM on the status of the router code revision requested by our company to increase the size of the script that can be telneted to the 3COM routers. There are other limitations (unwanted features) of OSM which, if you are interested, I am happy to share with you.
-----Original Message-----
From: lart () hacksec org [SMTP:lart () hacksec org]
Sent: Friday, April 02, 1999 6:15 PM
To: Sandy Green
Cc: Firewall Wizards
Subject: Re: Router management with FW-1

On 30 Mar, Sandy Green wrote:
: This is about the router management feature
: provided with the Checkpoint's firewall.
:
: First, is that how do they write into the access-list
: of the router. Is it telnet or via snmp ?

Depends on the type of router being managed. For Cisco, it's telnet. If it's a Bay^H^H^HNortel Networks Router, it's SNMP. I forget what 3Com and Steelhead use.

: second when the rules are installed or dumped on
: the router, is it the inspect code that is dumped or
: plain ascii text as needed by the access-list.
: ( I am asking this because if it is inspect then
: is there a co-operation between cisco and
: checkpoint ?

Plain old access-list statements.

: and third, are there any other firewalls by which we
: can dump rules into the routers.

None that I know of, at least in a way as automated as Check Point does it.

--
Lart <lart () hacksec org>
Technologist, Cryptonerd, Human
http://www.hacksec.org/
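The expansion the post describes (one GUI rule with several sources, destinations and services becomes sources x destinations x services individual rules on the router) is easy to underestimate when sizing a policy against the quoted ceiling of about 140 pushed rules. The following is an added illustration, not code from the mailing list or from Check Point or 3Com: it models a policy as a list of GUI rules, expands each rule into the per-tuple entries the router would receive, and reports whether the total fits under the limit. The rule names, hosts, services and the `ROUTER_RULE_LIMIT` constant are constructed or assumed for the example.

```python
"""Estimate how many individual rules a FW-1/OSM policy would push to a router.

Added example, not from the mailing-list post. It assumes the expansion
formula stated in the post (per GUI rule: sources x destinations x services)
and the ceiling of roughly 140 rules that the post attributes to the ~7 Kb
script limit on 3COM routers. Verify the real ceiling against the vendor.
"""
from dataclasses import dataclass
from itertools import product

# Ceiling quoted in the post (assumed here; the real value depends on router code).
ROUTER_RULE_LIMIT = 140


@dataclass
class GuiRule:
    """One row of the FW-1 Security Policy GUI table (constructed model)."""
    name: str
    sources: list
    destinations: list
    services: list
    action: str = "accept"


def expanded_count(rule: GuiRule) -> int:
    """Number of router rules one GUI row becomes: sources x destinations x services."""
    return len(rule.sources) * len(rule.destinations) * len(rule.services)


def expand(rule: GuiRule):
    """Yield one (source, destination, service, action) tuple per pushed rule."""
    for src, dst, svc in product(rule.sources, rule.destinations, rule.services):
        yield (src, dst, svc, rule.action)


def audit_policy(rules, limit: int = ROUTER_RULE_LIMIT):
    """Return (total pushed rules, per-rule counts, fits_under_limit) for a policy.

    The per-rule breakdown shows which GUI rows are responsible for most of the
    expansion, which is what you need when trimming a policy to fit the router.
    """
    per_rule = {r.name: expanded_count(r) for r in rules}
    total = sum(per_rule.values())
    return total, per_rule, total <= limit


# Constructed sample policy; hosts, networks and service names are hypothetical.
SAMPLE_POLICY = [
    GuiRule("dmz-web", ["any"], ["dmz-web-1", "dmz-web-2"], ["http", "https"]),
    GuiRule("admin", ["mgmt-net"], ["router-a", "router-b", "fw-1"],
            ["telnet", "snmp", "ssh"]),
    GuiRule("cleanup", ["any"], ["any"], ["any"], action="drop"),
]


if __name__ == "__main__":
    total, per_rule, fits = audit_policy(SAMPLE_POLICY)
    for name, count in per_rule.items():
        print(f"{name:10s} -> {count:4d} router rules")
    print(f"total {total} of {ROUTER_RULE_LIMIT}: {'fits' if fits else 'TOO MANY'}")
    # Show what the 'admin' row actually turns into on the router.
    for entry in expand(SAMPLE_POLICY[1]):
        print("  ", entry)
```

With the sample policy the three GUI rows expand to 4 + 9 + 1 = 14 router rules, well under the limit; a single row with 6 sources, 8 destinations and 4 services would on its own expand to 192 and exceed it, which is the situation the post warns about.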