[Snort-users] Snort on Checkpoint Firewall-1

Ofir Arkin ofir at ...949...
Fri Oct 19 17:31:09 EDT 2001


Scott,
 
Some info you asked for.
 
Checkpoint module gets installed just after the link-layer. This means
it gets to deal with traffic before layer 3 does (IP).
 
On another note, if I am you I would not run snort on the same box as my
Firewall. Install your firewall on a dedicated box always. You certainly
do not wish to have surprises. 
 
This is just my 2c
 
Ofir Arkin [ofir at ...949...]
Founder
The Sys-Security Group
http://www.sys-security.com
PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA
 
 
-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Dresen,
Scott
Sent: ו 19 אוקטובר 2001 22:55
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort on Checkpoint Firewall-1
 
I'm running Snort v1.8.1 on the same Linux box that I'm running a
Checkpoint Firewall-1 firewall.  However, my snort logs are not showing
any activity.  When I ran Snort with IPTables, I saw plenty of activity.
I'm wondering if anyone knows whether or not Checkpoint runs at a higher
priority on Linux and therefore blocks packets before Snort has a chance
to analyze them?
 
TIA,
Scott
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20011019/4c288bbe/attachment.html>


More information about the Snort-users mailing list