[Snort-users] Compiling snort for CheckPoint Firewall-1 support

carlopmart carlopmart at ...11827...
Fri May 12 02:10:30 EDT 2006


Hi Frank,

  Yes, correct but I need to modify snort rules by hand if i would to 
block some connections with snortsam (and if I launch process to update 
snort rules, they are overwritted and I lose my changes). I need to 
block connections immediately using snort rules and custom rules.

Frank Knobbe wrote:
> On Thu, 2006-05-11 at 17:19 +0200, carlopmart wrote:
>>   i would like to test snort 2.4.4 release with CheckPoint fw-1
>> (NGR55 
>> and NGX) and in-line (snort-inline.sf.net) support. I have used
>> snortsam 
>> last months, but I need a real IPS now thath sends commands to my 
>> firewalls and blocks traffic. How can I compile snort for fw1
>> support???
> 
> Uhm... that *IS* what Snortsam does. It sends commands to your firewall
> to block traffic.
> 
> 
> On Thu, 2006-05-11 at 14:29 -0400, Paul Melson wrote: 
>> You can't build Snort with FW-1 specific support like you can with
>> RealSecure or other commercial products that have OPSEC(tm) support.
> 
> Snortsam provides that OPSEC support, but not straight from Snort. It is
> interfaced by Snortsam (Snort->Snortsam->FW-1).
> 
> 
> Regards,
> Frank
> 

-- 
CL Martinez
carlopmart {at} gmail {d0t} com




More information about the Snort-users mailing list