Hi,
We're testing Gauntlet 3.1 on a SunOS 4.1.4. Everything
seems fine except for the following two error messages we see
on the log file:
Message #1:
securityalert: tcp from XX.XX.XX.XX:2315 to YY.YY.YY.YY
*******************************************************
on unserved port 113
********************
Port 113 is for authentication and YY.YY.YY.YY is
the IP address of the firewall. This message appears at
random - sometimes they appear, sometimes they do not.
But when they do appear, it's HUGE occupying lots of
lines in the log file. During the interval that they do
not appear, netperm says that port 113 is on a LISTEN
status. We're sure that we didn't run any daemon on the
Gauntlet to use port 113.
What exactly is this "access" all about? If this
access is really necessary to the function of the fire-
wall, what should we do so that they won't appear in
the log file anymore?
Message #2:
fwtkcfgerr: Policy policy-inside has no permit-proxy
****************************************************
line for http-gw
****************
This message appears when a client that is not
given access to http-gw, as defined in a policy, tries
to access http-gw. We have clearly stated in the
netperm-table "policy-inside: deny-proxy http-gw".
Why is this happenning? We really can't figure it
out. Moreover, it seems that this error message some-
times appears and sometimes does not.
Has anybody had encountered the error messages above
before? We surely could use some advice. We're in a deep
pit right now. Any help would be greatly appreciated.
Thanks a lot.
George
P.S.
I've searced the archives but couldn't find the relevant
info.
Follow-Ups:
|
|
