RE: [FW1] Stealth rule and LDAP question



Stealth rule hides the firewall from all systems and subnets not explicitly
allowed to talk directly to it.

Any	FW	Drop	Log

Rules to allow FW administration and routing protocols, and anything that by
its nature requires to talk directly to the firewall itself, should be
placed above this rule.

A "cleanup" rule is a catch-all. There's an "implicit" drop rule at the
bottom of every rulebase, but it's not actually shown - effectively it is an
"any	any	drop	nolog" rule that drops all traffic not explicitly
allowed by the rulebase. The problem is it doesn't Log. I dunno what
Checkpoint were thinking there...

Anyway, the "cleanup" rule is what every responsible clued-up firewall admin
adds to the bottom of every rulebase. (well, ok depending on whether or not
you are actually interested in anything not matching your rulebase).

Any	any	Drop	LOG

Essentially all it is, is an explicit drop rule, which logs all traffic
dropped by the firewall because no other rule in the ruleset matched it.

HTH,

Scott McMeekin (x25086)
Senior Technical Analyst
ITS Telecommunications
Royal Bank of Scotland
Tel: (Int:Email: [email protected]
"Security is a Journey, not a Destination"
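As an added illustration (not part of the original posting), the first-match evaluation described above, run against Rodney's rulebase before and after an explicit LDAP allow rule is placed above the stealth rule; the object names and the ldap-ssl service are constructed for the example, and the implicit drop is modelled as unlogged, as Scott describes.

```python
"""First-match rulebase simulator (added example, not from the list posting).

Object and rule names are constructed; the semantics (first matching rule
wins, unlogged implicit drop at the bottom) follow the thread's description.
"""
from dataclasses import dataclass

ANY = "any"
FW = "fw"                 # the firewall itself (constructed object name)
LDAP_SERVER = "ldap-srv"  # constructed object name


@dataclass(frozen=True)
class Rule:
    name: str
    src: str
    dst: str
    service: str
    action: str   # "accept" or "drop"
    log: bool


def _match(field: str, value: str) -> bool:
    return field == ANY or field == value


def evaluate(rulebase, src, dst, service):
    """Return (rule_name, action, logged) for the first rule that matches.

    If no rule matches, the implicit drop applies: dropped but NOT logged.
    """
    for r in rulebase:
        if _match(r.src, src) and _match(r.dst, dst) and _match(r.service, service):
            return r.name, r.action, r.log
    return "implicit-drop", "drop", False


STEALTH = Rule("stealth", ANY, FW, ANY, "drop", True)
CLEANUP = Rule("cleanup", ANY, ANY, ANY, "drop", True)
LDAP_TO_FW = Rule("ldap-to-fw", LDAP_SERVER, FW, "ldap-ssl", "accept", True)

# Rodney's situation: stealth rule present, nothing above it allows the LDAP server.
BROKEN = [STEALTH, CLEANUP]
# Scott's advice: anything that must talk to the firewall itself goes above stealth.
FIXED = [LDAP_TO_FW, STEALTH, CLEANUP]
# No cleanup rule: traffic matching nothing falls through to the silent implicit drop.
NO_CLEANUP = [LDAP_TO_FW, STEALTH]

if __name__ == "__main__":
    print(evaluate(BROKEN, LDAP_SERVER, FW, "ldap-ssl"))             # stealth drops it
    print(evaluate(FIXED, LDAP_SERVER, FW, "ldap-ssl"))              # explicit allow wins
    print(evaluate(FIXED, "10.0.0.9", "203.0.113.5", "telnet"))      # cleanup: dropped, logged
    print(evaluate(NO_CLEANUP, "10.0.0.9", "203.0.113.5", "telnet")) # implicit: dropped, unlogged
```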

> -----Original Message-----
> From:	Murphy, Paul [SMTP:[email protected]]
> Sent:	Thursday, October 12, 2000 1:29 PM
> To:	[email protected]
> Subject:	RE: [FW1] Stealth rule and LDAP question
> 
> 
> 
> 
> 
> Hold on, what is the difference between a stealth rule and a cleanup rule?
> 
> Paul.
> 
> 
> -----Original Message-----
> From: Rodney Lacroix [mailto:[email protected]]
> Sent: 12 October 2000 12:39
> To: [email protected]
> Subject: [FW1] Stealth rule and LDAP question
> 
> 
> 
> Question:
> 
> My firewall had never had a stealth rule (I inherited it).  I posted the
> other day about where I should put it considering I had a VPN in place, and
> it was decided that it should go under the authentication rules.  Done.
> 
> Since doing so, my logs are showing that my LDAP server communication is
> being dropped (source: LDAP server, dest: firewall, service: ldap-ssl, drop:
> stealth rule).
> 
> I assume that I need to implicitly allow communication from my LDAP server to
> the firewall before the stealth rule.  Is there any danger in doing this, or
> should I remove my stealth rule and let my cleanup rule handle all drops?
> 
> Any help is appreciated.
> 
> Rodney Lacroix
> 
> 
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
> 
> 
