[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] http security server
I was wondering if someone could help with this? I am seeing this same issue and I would like to know why Checkpoing considers the missing or inconsistent "reverse DNS" a security risk. BTW, this was from Phoneboy's site(thanks!) Q: When I connect to some sites, I get the following error message: Failed to connect to www server A: There is two possible reasons for this: Connection to the site timed out or was refused at the remote end The remote site either has a missing or inconsistant "reverse DNS" entry for it's IP (thanks to Arjan van der Valk for uncovering this) Check Point considers the latter a security risk and does not allow these sites to be contacted through the HTTP Security Server. Check Point also does not allow you to turn this feature off. Your options for working around this are: Contact the remote site in question to ask them to fix their reverse DNS entry Add an entry in your firewall's local host file and have the system resolve against the hosts file first (note: This is untested) Exclude the site in question from going through the security server by adding a rule above your security server rule that permits normal HTTP to the site Thanks, Donna ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|