FW1+RS50

Task: Configure CheckPoint Firewall-1 and ISS RealSecure 5.0 on single host Windows 2000

Config:
Firewall&IDS: sunrise mxnic0-10.0.3.1, mxnic1-10.0.2.2
Router: core f1/0-10.0.0.10, f2/0-10.0.2.1
For testing:
Workstation: cray eth0-10.0.0.111(hacker)
Workstation: ghost eth0-10.0.3.2(victim)

Do:

0.Exchange keys

D:\FW1\4.1\bin>fw putkey -opsec 10.0.2.2
Enter secret key:
Again secret key:

D:\FW1\4.1\bin>

D:\ISS\RealSecure 5.0>opsec_putkey.exe 10.0.2.2
Enter secret key:
Again secret key:
OPSEC: Received new control security key from 10.0.2.2
Authentication with 10.0.2.2 initialized

D:\ISS\RealSecure 5.0>

1.Set global responses

2.Set LockSrcAddr

3.Set testing rules

Testing:

4.RealSecure detect ping flood from cray(10.0.0.111) to ghost(10.0.3.2)

5.RealSecure send signal to CPFW-1

6.CPFW-1 reject ping flood from cray(10.0.0.111) to ghost(10.0.3.2)

7.Blocking expired

Possible bug:
conflict - CPFW-1 say:[ drop becouse spoof local network ]
but packet successfuly send&recv and log quickly oversize :(