
Firewall issues since the SWEN virus

By total geek ·
Hi,
I have just finished cleaning out our system with the SWEN virus. I was also experiencing problems with our Watchguard firewall as it was getting flooded with NAT pools exhausted. I thought that this problem would go away but I am still having issues with the firewall. I am running SBS with Exchange 2002. The machine that was infected is offline and all other workstations have been scanned.
Please help.

Mil

This conversation is currently closed to new comments.

6 total posts (Page 1 of 1)  
by compgirlfhredi In reply to Firewall issues since the ...

MS Windows Client to Server through Gnatbox or Watchguard Firebox to NT/Win2000 server running VPN over PPTP or L2TP. PPTP (Point to Point Tunnelling Protocol), a simple but effective VPN protocol, supports up to 127 concurrent VPN connections (bandwidth permitting). Allows many remote workers with any type of connection to the Internet the ability to create a VPN connection to an NT/Win2000 server. However, Watchguard Firebox is capable of terminating PPTP sessions itself by talking to the NT user database. This means you still use the NT user database to authenticate and manage remote users, no need to run RAS/VPN at all. The PPTP client software comes with Win98, NT4 workstation and Win2000; the server component is part of OP4 for Windows NT (bundled as part of RRAS in 2000 server). Dedicated IPSEC clients and Watchguard are more secure and trouble free. Doesn't mean PPTP if properly configured is insecure, only "less secure" than IPSEC based counterparts. If running an all Win2000 network, you can deploy the more secure L2TP VPN protocol developed by MS and CISCO. However, the platform the VPN service runs on is still vulnerable. Investigate packet filtering in 2000 server and invest in a good server side software firewall. The Watchguard SOHO |TC is designed for 25 users to connect to a remote site running another SOHO |TC or WatchGuard Firebox. The Firebox is more powerful and supports remote access teleworkers AND connections from other SOHO |TCs/Fireboxes. All WatchGuard operate in IPSEC or PPTP mode for remote users. The Firebox's ability to create VPN Tunnels between itself and other Firewalls of different sizes is flexible when connecting several different sized networks together over VPN.
Passing the task of VPN tunnel creation and removal to the Firebox, you remove knowledge of VPN from users of the system, therefore creating a more transparent solution that dynamically creates VPNs only when needed. Client PCs use remote site resources as if connected to their local network. The WatchGuard Firewall range use 3DES for encryption.


by compgirlfhredi In reply to

Primary probs FTP pose to firewalls, NAT, load-balancing devices are:
Additional TCP/IP connects are used for data transfers; data connects may be sent to random port numbers; data connects may originate from server to client, as well as originating from client to server; data connects' destination addresses are negotiated on the fly between client and server over the channel used for the control connect; the control connect is idle while data transfer takes place on the data connect.
(1) Routing devices must maintain state info for the control connection where the FTP conversation between client/server takes place, and for subsequent data connections. For load balancing this means it's imperative to send data connects to the same IS that the control connection associated with it is being sent to.
(2) It's impossible for FTP to work in a configuration where only a handful of well-known ports are allowed in and all other ports are denied. Both the FTP control port (21) and a large range of high-numbered ports must be allowed in. As a consequence of prob (1), the range of ports can be locked down for everything except use by FTP with little work by the routing device.
(3) May mean a restrictive routing device on the client side may cause problems.
(4) Requires routing devices to understand FTP and dynamically modify the contents of the control connect so internal server addys are rewritten to an acceptable external addy. Also requires the routing device to maintain state information so packets arriving at the acceptable external address are transparently re-routed to the internal server address.
(5) Routing devices that "time out" TCP/IP connections must be aware that FTP control connections can be completely inactive for hours while data transfer takes place on a separate data connect. The client program then locks up waiting for the server to reply to a message it never received because the routing device did not route it to the server.
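Points (1) and (4) above describe what an FTP-aware NAT or firewall actually has to do on the control channel. The following is an added illustration (not code from the post or from any WatchGuard product): it parses the `PORT` command and the `227` passive-mode reply, rewrites an internal address to the NAT's external one, and records the "pinhole" the device must open so the data connection can be forwarded back. The addresses (192.168.1.20 behind 203.0.113.5) and the sample lines are constructed.

```python
import re
from typing import NamedTuple, Optional, Tuple

# h1,h2,h3,h4,p1,p2 as used by the PORT command and the 227 PASV reply (RFC 959).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

class Pinhole(NamedTuple):
    """Temporary allow/forward rule the device must hold for the upcoming data connection."""
    opened_by: str      # "client" (passive mode) or "server" (active mode)
    external_ip: str    # address the peer will actually connect to
    internal_ip: str    # address the packets must be forwarded to
    port: int

def parse_hostport(text: str) -> Optional[Tuple[str, int]]:
    """Decode the 6-tuple into ('a.b.c.d', port); None if absent or malformed."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def encode_hostport(ip: str, port: int) -> str:
    return ",".join(ip.split(".")) + f",{port // 256},{port % 256}"

def rewrite_control_line(line: str, internal_ip: str, external_ip: str) -> Tuple[str, Optional[Pinhole]]:
    """Inspect one control-channel line. If it announces a data endpoint on the
    internal host, rewrite it to the NAT's external address and return the
    pinhole that must exist for the data connection to succeed (point 4)."""
    if line.upper().startswith("PORT "):
        opened_by = "server"          # active mode: the server connects back to the client
    elif line.startswith("227"):
        opened_by = "client"          # passive mode: the client connects in to the server
    else:
        return line, None             # other lines need no rewriting or state
    parsed = parse_hostport(line)
    if parsed is None or parsed[0] != internal_ip:
        return line, None             # not an internal endpoint (or malformed): leave alone
    port = parsed[1]
    new_line = _HOSTPORT.sub(encode_hostport(external_ip, port), line, count=1)
    return new_line, Pinhole(opened_by, external_ip, internal_ip, port)

# Constructed sample exchange: internal host 192.168.1.20 behind NAT address 203.0.113.5.
SAMPLE_LINES = [
    "USER anonymous",
    "PORT 192,168,1,20,4,1",                             # active: port 4*256+1 = 1025
    "227 Entering Passive Mode (192,168,1,20,195,80).",  # passive: port 195*256+80 = 50000
]

if __name__ == "__main__":
    for raw in SAMPLE_LINES:
        print(rewrite_control_line(raw, "192.168.1.20", "203.0.113.5"))
```

The pinhole is the state the post says the device must keep; a device that drops it on an idle timer (point 5) breaks the transfer even though every line was rewritten correctly.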


by total geek In reply to

Poster rated this answer.


by compgirlfhredi In reply to Firewall issues since the ...

good article on NAT...(FTP, etc.)

http://www.vicomsoft.com/knowledge/reference/nat.html


by total geek In reply to

Poster rated this answer.


by total geek In reply to Firewall issues since the ...

This question was closed by the author
