NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] How do I shut down access to a site



This facility has to do an nslookup on every address that the rule is being checked against. So, every web request has to have an nslookup done on the destination address before the firewall allows it. This has a dramatic effect on the speed of internet access. It cache's them but when you first implement the rule it is ridiculously slow. I was hoping there was a better solution....Thanks!
 
Gino Guidi
-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Thursday, December 07, 2000 8:50 AM
To: Jim Brown
Cc: [email protected]; [email protected]; [email protected]
Subject: RE: [FW1] How do I shut down access to a site


Or add a domain object in your firewall - I haven't used this too much so I don't know how well it works but - hey ! - CP have given the facility so it MUST work - right ?  ;-)

Tim Higgins



Jim Brown <[email protected]>
Sent by: [email protected]

07/12/00 15:54

       
        To:        "'Gino Guidi (SD)'" <[email protected]>, [email protected]
        cc:        
        Subject:        RE: [FW1] How do I shut down access to a site



If possible add an entry in your internal DNS for the desired site in
question. You could have the IP point to an internal website that will
display your Internet AUP or just point to a null interface on a router
somewhere inside your network. The firewall never has to see it.

-----Original Message-----
From: Gino Guidi (SD) [mailto:[email protected]]
Sent: Thursday, December 07, 2000 7:50 AM
To: [email protected]
Subject: RE: [FW1] How do I shut down access to a site



Is there any other way to make this work for a site that has multiple IP's
for any given name. For Example we are trying to block a site that has so
far four IP's for its www address. Trying to block by domain brought our
Internet Access to it's knees because of the amount of lookups the FireWall
had to wait for. Any ideas?


Gino Pietro Guidi
Network Engineer
CoStar Group, Inc.
[email protected]

-----Original Message-----
From: Steven Schuster [mailto:[email protected]]
Sent: Wednesday, December 06, 2000 1:51 PM
To: '[email protected]';
[email protected]
Subject: RE: [FW1] How do I shut down access to a site



do an nslookup to get the IP address, put a rule that states your-net -->
cutefx-net --> any --> drop and viola!

if it is a site of questionable material, then a company-wide e-mail with a
gentle reminder of the acceptable use policy....

Steve Schuster, CCSE, CCNA
Midwest ISO
Security Analyst



-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Wednesday, December 06, 2000 4:36 PM
To: [email protected]
Subject: [FW1] How do I shut down access to a site




This has been asked before - and I filed it safe somewhere - but I need to
block access to cutefx.com in a hurry.
Answers please.
Paul
----------------------------------------------------------------------------
----------------

C. Paul Simons
Corporate Network Services
IHS Energy Group, Englewood, CO.

Main:
Direct:
Fax: +1 303 736 3860
Mobile: +1 303 748 5242



============================================================================
====
    To unsubscribe from this mailing list, please see the instructions at
              http://www.checkpoint.com/services/mailing.html
============================================================================
====


============================================================================
====
    To unsubscribe from this mailing list, please see the instructions at
              http://www.checkpoint.com/services/mailing.html
============================================================================
====


============================================================================
====
    To unsubscribe from this mailing list, please see the instructions at
              http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
    To unsubscribe from this mailing list, please see the instructions at
              http://www.checkpoint.com/services/mailing.html
================================================================================




#**********************************************************************
This message is intended solely for the use of the individual
or organisation to whom it is addressed. It may contain
privileged or confidential information. If you have received
this message in error, please notify the originator immediately.
If you are not the intended recipient, you should not use,
copy, alter, or disclose the contents of this message. All
information or opinions expressed in this message and/or
any attachments are those of the author and are not
necessarily those of Hughes Network Systems Limited,
including its European subsidiaries and affiliates. Hughes
Network Systems Limited, including its European
subsidiaries and affiliates accepts no responsibility for loss
or damage arising from its use, including damage from virus.
#**********************************************************************


 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.