One of my customers has a cyberguard firewall that was working perfectly when I configured it in the office. However on shipping it to the customer, it was placed behind a horrible Verizon modem that broke most of the configuration parameters I had put in place. Most of them were fixable straight away, but I've never been able to get it to vpn back to the head office. I was getting the error message "Peer is not authorized to use remote address" in the log files.
Various responses in google mentioned I had to add noauth to the /etc/ppp file but this file doesn't exist on the cyberguard unit. However, using the Advanced section and editing the "pptp.connect to office" file, adding "noauth" (without quotes) to the end of the file, the vpn connection worked.
This isn't documented anywhere in google that I've seen so hopefully this will help someone else.
Recently in Firewalls Category
TR/dldr.delf.CB.1*2
BDS/Haxdoor.BH*3
TR/dldr.small.ait
TR/Drop.Funweb.A
Drop.Small.NK
BDS/Haxdoor.BH.1*2
PMS.WildTangent.B.1
Interestingly Norton had already detected and deleted a couple of these files but didn't detect any of the others. I had to boot from a Windows UltimateBootCD, download new dats for avpersonal and then run a scan. The Avpersonal only took 30 minutes to run, the Trendmicro one has been going for about an hour and is still going. Its a good job I don't charge by the hour.
Now that we had proved (or thought we had) that the DR recovery onto new hardware for our Symantec Enterprise Firewall worked it was time to upgrade to version 8 of the software.
Finally completed the DR of our firewall - 8 days after starting it....
Symantec have issued an advisory for a IPsec/ISAKMP VPN Buffer Overflow on their enterprise firewalls. It only affects dynamic vpn tunnels which we don't use (phew)
Oh great - I was just extolling the virtue (or lack) of our firewall(s) in the office/remote pc's and then there's a Symantec Client Firewall Remote Access and Denial of Service Issues posted in Lockergnome's Tech News Watch. Going to have fun looking at that one tomorrow!.
Update After waiting 15 minutes on hold, apparently the problem does not affect the corporate Enterprise VPN client - only the firewalls sold with antivirus type products - phew! As it turns out there is a culmalative patch available for the firewall anyway so I downloaded this instead.
Yesterday was apparently Personal Firewall Day which is weird that I only heard of it today (as I didn't read my rss feeds yesterday). I would have thought this would have kicked off before the actual day....Anyway - yesterday I was asked to go to a friends who told me they had welchia or blaster on their pc. When I got there I did a quick check of the startup folders and registry and saw nothing suspicious. That and the fact they were running 98 did make me wonder HOW they got infected (as these are nt platform virus's) Needless to say they had no real a/v software on the machine. PC-Cillin98 which had never been updated - so probably 6 years old. NAV was "installed" on the machine - the cd was copied onto the hard disk - so that wasn't helping much :-)
I ran through my various fix_virus.exe files downloaded from symantec, found nothing and then installed the free Computer Associates firewall/AV combo on their machine. All went well until it told me I HAD to update the definitions, reasonably enough, except for some reason it was coming up with 550 errors on the ftp. But a manual download of the file, from the same url worked fine! A standard home user would have had NO idea what to do and would have been left with an annoying popup every time they booted and no a/v protection.
After scanning there were no virus's found but 50+mb of windows updates (not including WMP9 etc) and I wasn't going to download them via dialup!
I installed the CA Antivirus firewall on the parents-in-law computer. The firewall is almost identical to zonealarm. I've not used zonealarm for several months/years now so I can't tell if it is the same as the newer versions, but all the popup dialog boxes and the traffic meters in the taskbar are practically identical. The Antivirus is different and also includes spyware and popup blockers so it will be interesting to see how good they are - i'm sure I'll have plenty of practise as I've already removed lop from the computer twice, amongst many other spyware infections on it. I've also installed SpywareGuard which aims to stop the driveby installations (and i've also installed firebird for my own surfing)
I wouldn't have thought that organising an adsl modem to work in conjunction with a hardware firewall would be that difficult. But I've been receiving conflicting advise over what routers/functionality needs to be installed. All I need is an router/modem that is effectively invisible to the firewall so it thinks it is connected to the internet and can get on with its filtering,vpn's and protection. However I am being ignored by BT, the company we are probably going to buy Broadband from (yet another reason to not use them - if they are this bad when we *want* to spend some money with them I hate to think what they will be like when we have a problem), our existing firewall support won't help unless we buy one particular make of router and get broadband from one particular supplier, and the firewall company won't help as they say its the resellers problem - so back to square one.....Almost makes me want to go to dialup modem! The fact that we can't order broadband until the physical line is installed and live also makes a mockery of the whole broadband ordering process.
