2006-02-04
chillyjim
Re: Stormc prob - quick one

This is the first thing I've found...

To enable the Security Gateway to connect to the Storm Center:

1) Configure an explicit rule for the Gateway to connect to the Storm Center.
2) Enable "accept outgoing packets originating from gateway" in Global Properties.
3) Install the Security Policy.

and.....

DShield.org has recently changed their web site SSL certificate with a different CA vendor, which has invalidated the root CA certificate that is originally included. The solution at present is to replace the root CA certificate on the firewall module and update the reference in the objects database:

1. Make a backup of the %FWDIR%\conf\equifax.cer from the firewall module.
Remove the file %FWDIR%\conf\equifax.cer from the firewall module.

2. Copy the attached 'GTE_Root_CA.cer' to %FWDIR%\conf on the firewall module.

3. Stop the SmartCenter Server with 'cpstop'.

4. Back up and modify the %FWDIR%\conf\asm.C file and modify the following line:

storm_center_list:DShield:certificate_filename - change 'equifax.cer' to 'GTE_Root_CA.cer'.

5. Run 'cpstart' on the SmartCenter server.

6. Install the Security Policy to the gateway.

7. Run 'fwstop -proc' on the firewall module and then 'fwstart'.

----------------

I don't have access to the cert. You can open a call with support and get a copy.