Troubleshooting guide
Chapter 7 Troubleshooting Security Servers and Content Security
How to Improve HTTP Security Server performance in a High Performance Environment
Advanced Technical Reference Guide 4.1 • June 2000 55
1. c0t8d0 <SUN4.2G cyl 3880 alt 2 hd 16 sec 135>
/pci@1f,4000/scsi@3/sd@8,0
AVAILABLE SWAP:
Total: 7848k bytes allocated + 1640k reserved = 9488k used, 400496k available
IP Interface
Issuing the ifconfig -a command resulted in:
lo0: flags=849<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232
inet 127.0.0.1 netmask ff000000
hme0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
ether 8:0:20:a6:eb:58
hme1: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
inet 192.168.2.1 netmask ffffff00 broadcast 192.168.2.255
ether 8:0:20:a6:eb:58
hme2: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
inet 10.1.1.1 netmask ffffff00 broadcast 10.1.1.255
ether 8:0:20:a6:eb:58
Issuing the /opt/CPfw1-41/bin/fw ctl iflist command resulted in:
0 : lo0
1 : hme0
2 : hme1
3 : hme2
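When the ifconfig -a and fw ctl iflist output above is being compared by hand, two things are easy to miss: a broadcast address that does not match inet plus the hex netmask, and an interface that is up in ifconfig but absent from the FireWall-1 interface list. The following script is an added example, not part of this guide; it parses constructed samples modelled on the Solaris 2.6 output shown above (one broadcast deliberately malformed, one interface deliberately left out of the iflist sample) and reports both kinds of inconsistency.

```python
import ipaddress
import re

# Constructed sample modelled on the Solaris `ifconfig -a` output above;
# hme1's broadcast is deliberately malformed to exercise the check.
IFCONFIG_OUTPUT = """\
lo0: flags=849<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232
        inet 127.0.0.1 netmask ff000000
hme0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
        inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
hme1: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
        inet 192.168.2.1 netmask ffffff00 broadcast 192.168.2..255
hme2: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
        inet 10.1.1.1 netmask ffffff00 broadcast 10.1.1.255
"""
IFLIST_OUTPUT = "0 : lo0\n1 : hme0\n2 : hme1\n"  # constructed; hme2 left out on purpose

def parse_ifconfig(text):
    # Map each interface name to its (inet, netmask-hex, broadcast-or-None) triple.
    ifaces, current = {}, None
    for line in text.splitlines():
        head = re.match(r'^(\S+): flags=', line)
        if head:
            current = head.group(1)
            continue
        addr = re.search(r'\binet (\S+) netmask ([0-9a-fA-F]{8})(?: broadcast (\S+))?', line)
        if addr and current:
            ifaces[current] = addr.groups()
    return ifaces

def check_interfaces(ifconfig_text, iflist_text):
    # Return (ifname, problem) findings; an empty list means everything is consistent.
    findings = []
    ifaces = parse_ifconfig(ifconfig_text)
    for name, (inet, mask_hex, bcast) in ifaces.items():
        if bcast is None:          # loopback carries no broadcast address
            continue
        try:
            ip = int(ipaddress.IPv4Address(inet))
            actual = ipaddress.IPv4Address(bcast)
        except ipaddress.AddressValueError:
            findings.append((name, 'malformed address: ' + bcast))
            continue
        mask = int(mask_hex, 16)   # Solaris prints the netmask as 8 hex digits
        expected = ipaddress.IPv4Address((ip & mask) | (~mask & 0xFFFFFFFF))
        if actual != expected:
            findings.append((name, f'broadcast {actual}, expected {expected}'))
    bound = {line.split(':', 1)[1].strip() for line in iflist_text.splitlines() if ':' in line}
    for name in ifaces:
        if name not in bound:
            findings.append((name, 'in ifconfig -a but missing from fw ctl iflist'))
    return findings
```

On a live system, feed the script the captured output of ifconfig -a and fw ctl iflist instead of the embedded samples.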
The Software
• Solaris v2.6, SunOS 5.6 Generic_105181-16 (hardened according to the customer’s specifications)
• Check Point VPN-1(TM) & FireWall-1(R) Version 4.1 Build 41439 [VPN + DES + STRONG]
VPN-1/FireWall-1 Rule Base
The rule base implemented is very simple, consisting of 4 rules.
Rule 1. Stealth drop rule with track long.
Rule 2. WebSense reject rule with track long.
Rule 3. HTTP resource Accept rule for URL logging with track long.
Rule 4. Clean-up drop rule with track long.
The number of objects defined was less than 200.
There is 1 NAT rule that hides the internal subnets behind the VPN-1/FireWall-1 external IP address, although this
rule is not really relevant here, since the transparent HTTP Security Server proxy handles the connections without
relying on NAT.