
[FW1] http domain filter



I am trying to set up simple access rules for 4 different groups.  These
groups have a variety of different access to sites like av.com, yahoo.com,
etc.  I am toying with a few ideas and I want to bounce it off a few people.
My desired result is to use something like domain objects so that I don't
have to manually input any changes when yahoo gets a new server.  I have
gotten it to work using URI resources and it works great, BUT (and you knew
there was a but) when someone accesses a site they don't have permissions to,
it just comes up with user/pass prompts until it finally moves to an Error
407 - not "Access Denied."  Here is what I have found the reason to be: the
rule setup to allow users to these sites is below

Group1@internal	any	http->www.yahoo.com	User Auth	Account

It looks as though because the destination is any I will never see that
access denied error.  A solution was to use the domain objects in the dest
field, only they are not allowed when using User Auth.  Now this may appear
to be cosmetic only and not bother fixing, but when a user accesses
yahoo.com, several GIFs on that page are called from other URLs.  So, in
order to load the page the users will get frustrated after trying their
user/pass so many times.  It will eventually load without those GIFs.  If I
specify the IP of yahoo.com as the dest, the page loads no problem and just
ignores the GIFs (no prompts because access is denied).

Anyone know the secret or have a few moments to spare and test my theories?

Cheers,

Jamie Doherty



   All contents © 2004 Network Presence, LLC. All rights reserved.