|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [FW1] How do I shut down access to a site
This
facility has to do an nslookup on every address that the rule is being checked
against. So, every web request has to have an nslookup done on the destination
address before the firewall allows it. This has a dramatic effect on the speed
of internet access. It cache's them but when you first implement the rule it is
ridiculously slow. I was hoping there was a better
solution....Thanks!
Gino
Guidi
Or add a domain object in your firewall - I haven't
used this too much so I don't know how well it works but - hey ! - CP have
given the facility so it MUST work - right ? ;-)
Tim Higgins
If possible add an entry in your internal DNS
for the desired site in question. You could have the IP point to an
internal website that will display your Internet AUP or just point to a
null interface on a router somewhere inside your network. The firewall
never has to see it.
-----Original Message----- From: Gino Guidi
(SD) [mailto:[email protected]] Sent: Thursday, December 07, 2000 7:50
AM To: [email protected] Subject: RE: [FW1] How
do I shut down access to a site
Is there any other way to make
this work for a site that has multiple IP's for any given name. For Example
we are trying to block a site that has so far four IP's for its www
address. Trying to block by domain brought our Internet Access to it's
knees because of the amount of lookups the FireWall had to wait for. Any
ideas?
Gino Pietro Guidi Network Engineer CoStar Group,
Inc. [email protected]
-----Original Message----- From:
Steven Schuster [mailto:[email protected]] Sent: Wednesday, December
06, 2000 1:51 PM To:
'[email protected]'; [email protected] Subject:
RE: [FW1] How do I shut down access to a site
do an nslookup to
get the IP address, put a rule that states your-net --> cutefx-net
--> any --> drop and viola!
if it is a site of questionable
material, then a company-wide e-mail with a gentle reminder of the
acceptable use policy....
Steve Schuster, CCSE, CCNA Midwest
ISO Security Analyst
-----Original Message----- From:
[email protected] [mailto:[email protected]] Sent:
Wednesday, December 06, 2000 4:36 PM To:
[email protected] Subject: [FW1] How do I shut down
access to a site
This has been asked before - and I filed
it safe somewhere - but I need to block access to cutefx.com in a
hurry. Answers
please. Paul ---------------------------------------------------------------------------- ----------------
C.
Paul Simons Corporate Network Services IHS Energy Group, Englewood,
CO.
Main: Direct: Fax: +1 303 736
3860 Mobile: +1 303 748
5242
============================================================================ ====
To unsubscribe from this mailing list, please see the instructions
at
http://www.checkpoint.com/services/mailing.html ============================================================================ ====
============================================================================ ====
To unsubscribe from this mailing list, please see the instructions
at
http://www.checkpoint.com/services/mailing.html ============================================================================ ====
============================================================================ ====
To unsubscribe from this mailing list, please see the instructions
at
http://www.checkpoint.com/services/mailing.html ============================================================================ ====
================================================================================
To unsubscribe from this mailing list, please see the instructions
at
http://www.checkpoint.com/services/mailing.html ================================================================================
#********************************************************************** This
message is intended solely for the use of the individual or organisation to
whom it is addressed. It may contain privileged or confidential
information. If you have received this message in error, please notify the
originator immediately. If you are not the intended recipient, you should
not use, copy, alter, or disclose the contents of this message.
All information or opinions expressed in this message and/or any
attachments are those of the author and are not necessarily those of Hughes
Network Systems Limited, including its European subsidiaries and
affiliates. Hughes Network Systems Limited, including its
European subsidiaries and affiliates accepts no responsibility for
loss or damage arising from its use, including damage from
virus. #**********************************************************************
|
|