[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [FW1] FW-1 and Websense
Title: RE: [FW1] FW-1 and Websense
Actually, I need to make a little clarification.
The packets are being rejected for security, not dropped. That was a
mis-statement on my part. The packets should be dropped. I see a
reject for action and then a content security message in the log file. I
seriously doubt CNN is a security issue. But, when I allow to "ANY' it all
works fine.
Marc Jacquard SR. Systems Engineer Fujitsu America,
INC. Hilo Office email: [email protected] Telephone: Pager:
Marc,
What is your firewall setup? Platform/OS and FW-1
Ver? I have
seen this on a Sun Solaris 2.6 box where routing did not get turned on
properly and the box assumed 0.0.0.0 was a valid address rather than using the
default route to the internet.
Just my $0.02 Phillip
-----Original Message----- From: Marc
Jacquard [mailto:[email protected]] Sent: Friday, December 08, 2000 1:50 PM To:
Fw-1-Mailinglist@Lists. Us. Checkpoint. Com Subject:
[FW1] FW-1 and Websense
I have a specific LAN for visitors that is only allowed access
to the outside world. I have 3 rules defined for
this network.
visitor-net
any
http-->Adult
drop long
vistor-net
external-net
http
accept long
telnet
ftp
ssh
https
dns visitor-net
any
any
drop
long
My problem is that I can do all the functions accept HTTP and
HTTPS. Every packet that goes out on those two
services are being drop for web security reasons by
websense. The only way I have been able to get the rule to work
is instead of using the external-net object, I had to use the
any for rule #2. This does not seem right to
me. Has anyone else had this problem? My external-net object is 0.0.0.0 and is used in my address translation
table. This was an object recommended by
CkeckPoint. I have called websense, but they are
a callback (No live people on the phones!) system and who knows
when they will call back. Any help would be greatly
appreciated.
Best regards,
Marc Jacquard SR. Systems Engineer
(CCSA) Fujitsu America, INC. Hilo Office email: [email protected]
Telephone: Pager:
================================================================================
To unsubscribe from this mailing
list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
|