Task: Configure CheckPoint Firewall-1 and ISS RealSecure 5.0 on a single Windows 2000 host


Config:
 Firewall&IDS: sunrise mxnic0-10.0.3.1, mxnic1-10.0.2.2
 Router: core f1/0-10.0.0.10, f2/0-10.0.2.1
For testing:
 Workstation: cray eth0-10.0.0.111(hacker)
 Workstation: ghost eth0-10.0.3.2(victim)

Do:


0.Exchange keys

D:\FW1\4.1\bin>fw putkey -opsec 10.0.2.2
Enter secret key:
Again secret key:

D:\FW1\4.1\bin>

D:\ISS\RealSecure 5.0>opsec_putkey.exe 10.0.2.2
Enter secret key:
Again secret key:
OPSEC: Received new control security key from 10.0.2.2
Authentication with 10.0.2.2 initialized

D:\ISS\RealSecure 5.0>

1.Set global responses



2.Set LockSrcAddr



3.Set testing rules



Testing:


4.RealSecure detects ping flood from cray(10.0.0.111) to ghost(10.0.3.2)



5.RealSecure sends signal to CPFW-1



6.CPFW-1 rejects ping flood from cray(10.0.0.111) to ghost(10.0.3.2)



7.Blocking expired



Possible bug:
Conflict: CPFW-1 says [ drop because spoof local network ],
but the packets are still successfully sent and received, and the log quickly becomes oversized :(