
[FW1] http security server



I was wondering if someone could help with this?  I am seeing this same
issue and I would like to know why Checkpoint considers the missing or
inconsistent "reverse DNS" a security risk.  BTW, this was from Phoneboy's
site (thanks!)

Q:
When I connect to some sites, I get the following error message:
Failed to connect to www server

A:
There are two possible reasons for this:
- Connection to the site timed out or was refused at the remote end
- The remote site either has a missing or inconsistent "reverse DNS" entry
  for its IP (thanks to Arjan van der Valk for uncovering this)
Check Point considers the latter a security risk and does not allow these
sites to be contacted through the HTTP Security Server.
Check Point also does not allow you to turn this feature off. Your options
for working around this are:
- Contact the remote site in question to ask them to fix their reverse DNS
  entry
- Add an entry in your firewall's local host file and have the system resolve
  against the hosts file first (note: This is untested)
- Exclude the site in question from going through the security server by
  adding a rule above your security server rule that permits normal HTTP to
  the site


Thanks,
Donna
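
A way to tell which of the two reverse DNS cases in the FAQ applies to a site, as an added example that is not part of the original message and not Check Point's code. It assumes "inconsistent" means that none of the PTR names for an IP resolve back to that IP; the function names are hypothetical and the sample records are constructed.

```python
import socket

def ptr_lookup(ip):
    """Return the PTR names for ip, or [] when no reverse entry exists."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def a_lookup(name):
    """Return the IPv4 addresses for name, or [] when it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def classify(ip, ptr=ptr_lookup, fwd=a_lookup):
    """Return (status, ptr_names); status is missing, inconsistent or consistent."""
    names = ptr(ip)
    if not names:
        return "missing", []
    # Assumption: consistent means some PTR name resolves back to the same IP.
    confirmed = [n for n in names if ip in fwd(n)]
    return ("consistent" if confirmed else "inconsistent"), names

def check_site(host, ptr=ptr_lookup, fwd=a_lookup):
    """Classify every address the site name resolves to."""
    return {ip: classify(ip, ptr, fwd) for ip in fwd(host)}

# Constructed sample records (documentation address ranges) for offline use.
SAMPLE_A = {
    "www.good.example": ["192.0.2.10"],
    "www.noptr.example": ["198.51.100.7"],
    "www.mismatch.example": ["203.0.113.5"],
    "host5.isp.example": ["203.0.113.99"],  # PTR target points elsewhere
}
SAMPLE_PTR = {
    "192.0.2.10": ["www.good.example"],
    "203.0.113.5": ["host5.isp.example"],
}
sample_fwd = lambda name: SAMPLE_A.get(name, [])
sample_ptr = lambda ip: SAMPLE_PTR.get(ip, [])

if __name__ == "__main__":
    for site in ("www.good.example", "www.noptr.example", "www.mismatch.example"):
        print(site, check_site(site, sample_ptr, sample_fwd))
```

Calling check_site(host) without the sample resolvers uses the system resolver, so run it on the firewall itself to see what that machine sees.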




   All contents © 2004 Network Presence, LLC. All rights reserved.