NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Stealth rule and LDAP question




Thanks for the replies.

I have always used stealth and cleanup rules and was just suffering from a
bout of temporary insanity when I posted my question.

-----Original Message-----
From: Andrew [mailto:[email protected]]
Sent: 12 October 2000 15:12
To: Murphy, Paul
Cc: [email protected]
Subject: RE: [FW1] Stealth rule and LDAP question


The stealth rule refers to the rule that explicity drops all connection
attempts to your firewall module.  The cleanup rule is the last rule which
drops AND LOGS all connections which have not matched any rules.  You need
a cleanup rule because by default all connections that do not match any
rules are dropped and NOT logged.

adm4
Network Security Corp.

 On Thu, 12 Oct 2000, Murphy, Paul wrote:

> 
> 
> Hold on, what is the difference between a stealth rule and a cleanup rule?
> 
> Paul.
> 
> 
> -----Original Message-----
> From: Rodney Lacroix [mailto:[email protected]]
> Sent: 12 October 2000 12:39
> To: [email protected]
> Subject: [FW1] Stealth rule and LDAP question
> 
> 
> 
> Question:
> 
> My firewall had never had a stealth rule (I inherited it).  I posted the
> other day about where I should put it considering I had a VPN in place,
and
> it was decided that it should go under the authentication rules.  Done.
> 
> Since doing so, my logs are showing that my LDAP server communication is
> being dropped (source: LDAP server, dest: firewall, service: ldap-ssl,
drop:
> stealth rule).
> 
> I assume that I need to implicity allow communication from my LDAP server
to
> the firewall before the stealth rule.  Is there any danger in doing this,
or
> should I remove my stealth rule and let my cleanup rule handle all drops?
> 
> Any help is appreciated.
> 
> Rodney Lacroix
> 
> 
> 
>
============================================================================
> ====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
> ====
> 
> 
>
----------------------------------------------------------------------------
-------------------------------------------
> This e-mail is intended only for the above addressee.  It may contain
> privileged information. If you are not the addressee you must not copy,
> distribute, disclose or use any of the information in it.  If you have
> received it in error please delete it and immediately notify the sender.
> 
> evolvebank.com is a division of Lloyds TSB Bank plc.
> Lloyds TSB Bank plc, 71 Lombard Street, London EC3P 3BS.  Registered in
> England, number 2065.  Telephone No: 020 7626 1500
> Lloyds TSB Scotland plc, Henry Duncan House, 120 George Street,
> Edinburgh EH2 4LH.  Registered in Scotland, number 95237.  Telephone
> No:> 
> Lloyds TSB Bank plc and Lloyds TSB Scotland plc are regulated by the
> Personal Investment Authority and represent only the Scottish Widows
> and Lloyds TSB Marketing Group for life assurance, pensions and
> investment business.
> 
> Members of the UK Banking Ombudsman Scheme and signatories to the UK
> Banking Code.
>
----------------------------------------------------------------------------
-------------------------------------------
> 
> 
>
============================================================================
====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
====
> 


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.