RE: [FW1] Scanning HTTP traffic to non-standard ports
The following (as an attachment) was posted from Aladdin tech support to this thread on Tuesday 21st November 08:27...

---------------------------------------

(1) Create a TCP service using the desired URI protocol port.

(2) Create the resource object that references your CVP server.

(3) In your URI resources you need to modify the "Host" field in the "Match" tab. The default definition is an asterisk ( * ). Change this to asterisk - colon - asterisk ( *:* ).

(4) Use "Add With Resource..." to add a rule, which uses your new TCP service and CVP resource definitions.

(5) Edit the $FWDIR/conf/fwauthd.conf file. This file is the configuration file for the FW-1 security servers. By default, it lists all standard ports monitored by FW-1. This is necessary to allow security servers to initiate sessions. You must add an extra line for the service created in step 1. If the new port used for HTTP sessions is 8080, then the file should be similar to the following example:

    21 in.aftpd wait 0
    80 in.ahttpd wait 0
    8080 in.ahttpd wait 0
    513 in.arlogind wait 0
    25 in.asmtpd wait 0

Note: The 3rd line was added. This step forces the security server to run on this port, which is not standard. Without this line, the FW-1 security server will reject the communication.

---------------------------------------

The only downside to the above is that you have to run an additional security server process (in.ahttpd) for every new port you wish to allow access to (each process being about 10MB in size)... But otherwise I found it to work (though you do need to stop/start the firewall for the fwauthd.conf change to take effect).

Regards,
Paul.
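A check for step (5), added here as an example; it is not part of the original message or of Check Point's tooling. It parses a file in the `PORT DAEMON wait 0` layout shown in the message's sample and reports, for each port an HTTP resource rule uses, whether in.ahttpd is bound to it. The function names, the temporary file and the list of ports tested are assumptions; the sample lines are the ones quoted in the message.

```shell
#!/bin/sh
# Added example: audit fwauthd.conf for HTTP security-server port bindings.
# Assumed line format, taken from the sample in the message: PORT DAEMON wait 0

# Print every port bound to in.ahttpd, one per line, numerically sorted.
http_server_ports() {
    awk '!/^[[:space:]]*#/ && $2 == "in.ahttpd" && $1 ~ /^[0-9]+$/ { print $1 }' "$1" | sort -n
}

# Exit status: 0 = PORT is served by in.ahttpd, 1 = PORT has no entry at all,
# 2 = PORT is listed but bound to a different security server.
check_http_port() {
    awk -v port="$2" '
        /^[[:space:]]*#/ || NF == 0 { next }      # skip comments and blank lines
        $1 == port { seen++; if ($2 == "in.ahttpd") http++ }
        END {
            if (seen == 0) exit 1
            if (http == 0) exit 2
            exit 0
        }' "$1"
}

# Rough memory cost, using the "about 10MB" per in.ahttpd process quoted in the message.
ahttpd_memory_mb() {
    echo $(( $(http_server_ports "$1" | wc -l) * 10 ))
}

# Sample input: the five lines from the message, written to a temporary file.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
21 in.aftpd wait 0
80 in.ahttpd wait 0
8080 in.ahttpd wait 0
513 in.arlogind wait 0
25 in.asmtpd wait 0
EOF

# Ports 8000 and 25 are constructed test cases: one missing, one bound to in.asmtpd.
for p in 80 8080 8000 25; do
    if check_http_port "$SAMPLE" "$p"; then rc=0; else rc=$?; fi
    case $rc in
        0) echo "port $p: in.ahttpd entry present" ;;
        1) echo "port $p: no entry, HTTP resource traffic will be rejected" ;;
        2) echo "port $p: bound to a different security server" ;;
    esac
done
echo "in.ahttpd ports: $(http_server_ports "$SAMPLE" | tr '\n' ' ')"
echo "estimated in.ahttpd memory: $(ahttpd_memory_mb "$SAMPLE") MB"
```

On a firewall, pass `$FWDIR/conf/fwauthd.conf` in place of the temporary file.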