lcfd and Aventail


lcfd does not work when it coexists with Aventail v4.x!!! I tried to add lcfd to the exclude list of Aventail but it did not work (it worked for Aventail v3.2x only)! The problem gets fixed only after uninstalling Aventail! But this is not a solution as I need to use Aventail badly.

Does anybody have any workaround for this problem?


RE: lcfd and Aventail

There is a solution for this on the Tivoli Database:
Bottom line, order of installation is significant - i.e., the Tivoli product should be installed first. The problem is that Aventail intercepts the packets that Tivoli sends to its Gateways, and it's incompatible with us. Aventail claims all the ports, unless you modify Aventail to exclude the "lcfd.exe" process. So, *if* you're running Aventail, install Tivoli products first, then install Aventail, and modify Aventail to exclude the Tivoli processes (leaving the ports free for us). It would probably be a good idea to exclude all files that open TCP/IP connections.

To get lcfd and Aventail to work together:
1. Upgrade Aventail Connect from 3.01s (or whatever it is) to 3.21s
2. Change the "Modify List" of the Aventail configuration file to add "lcfd.exe" to the list of apps to EXCLUDE from interception.
Then they should be able to coexist.

One more tip to get it to work.

IBM SecureWay Firewall: How to setup SOCKS in debug level logging.
Problem Desc: How to setup SOCKS in debug level logging.

The socks implementation on Firewall version 4.1 (both platforms) drastically changes the debug logging behavior.

Aventail natively provides logging at a fairly useful debug level, so one easy thing to do is to enable the debug logging that they provide as a documented part of their product. To enable this logging, edit the "s5.conf" file in the "<firewall root>/config" directory on Windows NT or in the "/etc/security" directory on AIX.
Find a stanza which starts like the following:

installation "Converted"
<lots of indented directives>

Any place inside of those two braces, add the following six directives:

secout = LOGFILE;
sysout = LOGFILE;
miscout = LOGFILE;
seclevel = DEBUG3;
syslevel = DEBUG3;
misclevel = DEBUG3;

These directives will redirect all of Aventail's log facilities ("security", "system", "miscellaneous") to their respective hardcoded files, at the highest debug priorities. The files are "security.log", "system.log", and "misc.log". These files will show up in "c:\" on Windows NT and in "/etc/security/socks" directory on AIX. In addition, ask for verbose output to the screen, but only if running in a console window (as opposed to as a Windows NT Service).

On Windows NT, use the following command:

fwsocks5 -d -c "c:\program files\ibm\firewall\config\s5.conf" -V

On AIX, use the following command:

/usr/sbin/fwSocks5 -d -V3

Jim Simmons
Technical User
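
A check to run after editing s5.conf as described in the post above. This is an added example, not part of the original post and not IBM or Aventail code. It assumes the installation stanza's body is enclosed in braces and holds one "key = value;" directive per line; the sample config and the PLACEHOLDER_LEVEL value are constructed.

```python
import re

# The six directives and values given in the post above.
REQUIRED = {"secout": "LOGFILE", "sysout": "LOGFILE", "miscout": "LOGFILE",
            "seclevel": "DEBUG3", "syslevel": "DEBUG3", "misclevel": "DEBUG3"}

# Constructed sample, not a real s5.conf: one directive is missing and one
# carries a placeholder value, to show both failure modes.
SAMPLE = '''installation "Converted"
{
    secout = LOGFILE;
    sysout = LOGFILE;
    seclevel = DEBUG3;
    syslevel = PLACEHOLDER_LEVEL;
    misclevel = DEBUG3;
}
'''

def installation_body(text, name="Converted"):
    """Return the text between the braces of the named installation stanza."""
    m = re.search(r'installation\s+"%s"\s*\{' % re.escape(name), text)
    if not m:
        return None
    depth = 1
    for i in range(m.end(), len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[m.end():i]
    return None  # closing brace never found

def check_debug_logging(text, name="Converted"):
    """Map each required directive to 'ok', 'missing' or 'wrong value: X'."""
    body = installation_body(text, name)
    if body is None:
        raise ValueError("installation stanza not found or braces unbalanced")
    # Assumes one 'key = value;' directive per line, as in the post.
    found = dict(re.findall(r"^\s*(\w+)\s*=\s*([^;\s]+)\s*;", body, re.M))
    report = {}
    for key, want in REQUIRED.items():
        if key not in found:
            report[key] = "missing"
        else:
            report[key] = "ok" if found[key] == want else "wrong value: " + found[key]
    return report

if __name__ == "__main__":
    for key, status in check_debug_logging(SAMPLE).items():
        print(f"{key:10} {status}")
```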

RE: lcfd and Aventail

This is the closest I've seen to a fix for this. I am using Aventail Connect, and I have the Aventail Connect Config. Tool 5.30 to edit config. files. But I see absolutely nowhere to put any exceptions or an application list in a config file in any level of network or subnet, or anywhere else in the config. file. The closest I see in this config. utility is a "required applications list" (applications such as antivirus that must be running to allow connection.)

Can anyone indicate where one can put application exclusions in the Aventail config. file so I can exclude lcfd.exe? The config. file is gibberish without the editor; it can't be edited manually. Thanks.
