When I try to set up filters with the newest Director software, my text fields for ip addresses are truncated. I can't see what I am keying in. The fields where you select the signature that you want to filter is also truncated. The machine is Win NT with all option paks etc. This doesn't seem to be a problem with Win 2k. Is there a fix?
If it works fine when logged on locally to the Unix Director, and it works when using an X-Windows client on your Win2K, then this is likely a problem with the X-Windows software you are running on your Windows NT machine. The many different X-Windows software varies between vendor and OS, and it is impossible to test Unix Director with each of them. Many times there are bugs or defficiencies in the X-Windows software which couldn't be worked around by changing the nrConfigure code.
Our team validates that it works on the standard X-windowing environments used by Solaris and HP since those are the platforms supported by the Unix Director.
Try using a different X-Windows software on your machine. We use "Reflexction X" as our X windows software on Win 2K machines and it works fine. We also used to use it on Windows NT back with the older 2.2.1 Unix Director software. We had already changed over to Win 2K before the 2.2.3 Director was released so I don't know if Reflection X running on WIn NT would have the same problem you are seeing?
You could try the following, to do manually what you could have done through the GUI:
1) In nrConfigure double click on the sensor.
2) Open the Intrusion Detection configuration of the currently applied version.
3) Don't make any changes
4) Close the Intrusion Detection window that opened.
5) Save the new temporary version that had been created. (Remember the number)
6) Close the sensor version window and close down nrConfigure.
7) Telnet to the director
8) Login as user netrangr
9) cd /usr/nr/var/nrConfigure (NOTE: DO NOT enter this directory while nrConfigure is running. This a dynamically created and modified directory. Making changes in here while nrConfigure is running will cause problems with nrConfigure)
10) cd to the org directory that matches your sensor's orgid
11) cd to the host directory that matches your sensor's hostid
12) cd to the config directory for the sensor
13) cd to the version directory that matches the new version you created for the sensor
14) Use vi (or your favorite editor) to edit the packetd.conf (or SigSettings.conf) file to add in or edit the RecordOfExcludedPattern (or RecordOfIncludedPattern) lines for the filters.
15) Save the edited file(s)
16) cd /usr/nr
17) Start back up nrConfigure.
18) Double click on the sensor
19) Now open the version you just edited
20) Make any other changes you want
21) Now apply that version
Your filters should now be sent down to the sensor.
For information on manually adding the RecordOfExcludedPattern token refer to:
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...