
Re: [FW1] FW-1 initiate connection rule





Lance Spitzner wrote:

<snip>

> This rule will drop any connection initiated by the firewall, EVEN
> if your firewall is only inspecting inbound packets and protect your
> firewall from being used in various attacks.  The trick is that the
> "INSTALL ON" column is set to the Firewall, and not any.  This causes
> that single rule to inspect Eitherbound, while all the rest of the
> rules still inspect inbound.  Be advised, this also includes any mail,
> dns, or syslog connection that your firewall may be initiating.  You
> may need to add a second rule before this one to allow that functionality.

In addition to mail, dns, or syslog, don't forget the VPN stuff that's
not generated by a (separate) management console.

Binky





 
   All contents © 2004 Network Presence, LLC. All rights reserved.