Frequently asked questions

1) What is the meaning of the message: “Impossible to locate the machine on x.x.x.x”?

2) How can I check the IP address(es) really assigned to the Firewall?

3) What is the meaning of the message: ‘You lost the MODIFY privilege’?

4) What is the meaning of the message: ‘The operation has exceeded the allotted time’?

5) How do I know if there has been an attempted intrusion?

6) Is it possible to allow protocols other than IP?

1) What is the meaning of the message “Impossible to locate the machine on x.x.x.x”?

This message means that the host from which you are connecting cannot reach the Firewall at the IP address you specified in the connection window. There are several possible causes.

Check:

  • That the IP address which you have specified in the connection window is that of the Firewall (that of the internal interface in advanced mode),
  • That your host has an IP address different from the Firewall’s but is on the same sub-network,
  • That the connections are properly in place (use a crossover cable only if you are connecting the Firewall directly to a host or a router). Type "arp -a" in a DOS window under Windows to see whether the PC recognizes the Stormshield Network firewall’s physical (Ethernet) address. If it doesn’t, check your cables and the physical connections to your hub,
  • That you have not changed the firewall’s operating mode (transparent or advanced),
  • That the firewall recognizes the IP address (see “How can I check the IP address(es) really assigned to the Firewall?”),
  • That the access provider for the graphical interface has not been deactivated on the Firewall.
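
The addressing and "arp -a" checks from the list above can be scripted. The following is an added example, not Stormshield code: the function names, the sample addresses and the sample "arp -a" output are constructed for illustration, and the parser assumes the usual Windows column layout (Internet Address, Physical Address, Type).

```python
import ipaddress
import re

# Constructed sample of Windows "arp -a" output (documentation addresses only).
SAMPLE_ARP = """\
Interface: 192.0.2.10 --- 0xb
  Internet Address      Physical Address      Type
  192.0.2.1             00-00-5e-00-53-01     dynamic
  192.0.2.255           ff-ff-ff-ff-ff-ff     static
"""

# One table row: IPv4 address, dash-separated MAC, entry type.
ARP_ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})\s+(\w+)",
    re.M,
)

def parse_arp(text):
    """Return {ip: mac} for every entry found in 'arp -a' output."""
    return {ip: mac.lower() for ip, mac, _type in ARP_ROW.findall(text)}

def check_reachability(host_cidr, firewall_ip, arp_text):
    """Return the list of problems found; an empty list means the checks pass."""
    host = ipaddress.ip_interface(host_cidr)   # e.g. "192.0.2.10/24"
    fw = ipaddress.ip_address(firewall_ip)
    problems = []
    if host.ip == fw:
        problems.append("host and firewall share the same IP address")
    if fw not in host.network:
        problems.append(f"firewall {fw} is outside the host sub-network {host.network}")
    mac = parse_arp(arp_text).get(str(fw))
    if mac is None:
        problems.append("no ARP entry for the firewall: check cables and hub connections")
    elif mac in ("ff-ff-ff-ff-ff-ff", "00-00-00-00-00-00"):
        problems.append("ARP entry for the firewall is not a unicast Ethernet address")
    return problems

if __name__ == "__main__":
    found = check_reachability("192.0.2.10/24", "192.0.2.1", SAMPLE_ARP)
    for line in found or ["all checks passed"]:
        print(line)
```

An ARP entry only appears after the PC has tried to reach the address, so run "arp -a" right after a connection attempt.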

 

2) How can I check the IP address(es) really assigned to the Firewall?

If you wish to check the IP address(es) or the operating mode (transparent or advanced), you need only connect to the Firewall in console mode. To do so, you can open an SSH session on the Firewall (if SSH is active and authorized), connect directly to the firewall through the serial port, or connect a screen and a keyboard to the firewall.

Once connected in console mode (with the admin login), type the command "ifinfo". This will give you the network adapter configuration and the current operating mode.

3) What is the meaning of the message ‘You lost the MODIFY privilege’?

Only one user can be connected to the Firewall with the MODIFY privilege. This message means that a user has already opened a session with this privilege.

To force this session to close, you need only connect with an exclamation mark added before the user’s name (!admin).

WARNING

If an administrator session is open on another machine with the MODIFY right, it will be closed.

 

4) What is the meaning of the message ‘The operation has exceeded the allotted time’?

As a security measure, any connection between the firewall and the graphical interface is disconnected after a given time, whether finished or not. In particular, this prevents an indefinite wait for a connection if the Firewall cannot be reached via the network.

5) How do I know if there has been an attempted intrusion?

Each attempted intrusion triggers a major or minor alarm, depending on its severity and on the configuration. You are informed of these alarms in four ways:

  • The LEDs on the front panel of the firewall light up (red) or flicker (yellow) to alert you.
  • The alarms are logged in a specific file which you can consult from the graphical interface (Stormshield Network Real-Time Monitor).
  • You can choose to receive alarm reports at a regular frequency (cf. Receiving alarms) via the firewall's web administration interface. This feature may be configured so that an e-mail is sent whenever an alarm is raised. When several alarms are raised in a short period, they are sent in a collective e-mail.
  • Stormshield Network Real-Time Monitor displays alarms received in real time on the screen.

6) Is it possible to allow protocols other than IP?

The Stormshield Network firewall can only analyze IP-based protocols. All protocols that the firewall does not analyze are regarded as suspicious and are blocked.

However, in transparent mode, Novell’s IPX, IPv6, PPPoE, AppleTalk and NetBIOS protocols may be allowed through even though they are not analyzed.