Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] FW-1 and Websense

To: Marc Jacquard <[email protected]>, "Fw-1-Mailinglist@FW1-NOSPAMLists. Us. Checkpoint. Com" <[email protected]>
Subject: Re: [FW1] FW-1 and Websense
From: Chris F <[email protected]>
Date: Mon, 11 Dec 2000 07:18:33 -0800 (PST)
Sender: [email protected]

I would use "Any", and not 0.0.0.0 -- as 0.0.0.0 is an
address -- and not "Internet". Sounds like someone was
trying to use your firewall rulebase like a Cisco
default route :)

If you want to be more secure than "Any", then negate
the object(s) you have for your internal LAN:

visitor-net...ANy....http-->adult....drop
visitor-net...Not(internalLAN)...http...accept

When I call Websense, I am always put in a calling
pool waiting for the "next available support rep".

This is the number I use (from their web site:
www.websense.com)[email protected]

Good Luck!
HTH -- Chris


--- Marc Jacquard <[email protected]> wrote:
> 
> I have a specific LAN for visitors that is only
> allowed access to the
> outside world.  I have 3 rules defined for this
> network.
> 
> visitor-net		any			http-->Adult	drop		long
> vistor-net		external-net	http			accept	long
> 						telnet
> 						ftp
> 						ssh
> 						https
> 						dns
> visitor-net		any			any			drop		long
> 
> My problem is that I can do all the functions accept
> HTTP and HTTPS.  Every
> packet that goes out on those two services are being
> drop for web security
> reasons by websense.  The only way I have been able
> to get the rule to work
> is instead of using the external-net object, I had
> to use the any for rule
> #2.  This does not seem right to me.  Has anyone
> else had this problem?  My
> external-net object is 0.0.0.0 and is used in my
> address translation table.
> This was an object recommended by CkeckPoint.  I
> have called websense, but
> they are a callback (No live people on the phones!)
> system and who knows
> when they will call back.  Any help would be greatly
> appreciated.
> 
> Best regards,
> 
> Marc Jacquard
> SR. Systems Engineer (CCSA)
> Fujitsu America, INC.
> Hilo Office
> email: [email protected]
> Telephone:> Pager:> 
> 
> 
>
================================================================================
>      To unsubscribe from this mailing list, please
> see the instructions at
>               
> http://www.checkpoint.com/services/mailing.html
>
================================================================================


__________________________________________________
Do You Yahoo!?
Yahoo! Shopping - Thousands of Stores. Millions of Products.
http://shopping.yahoo.com/


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW1] IPSO 3.3 Release!
Next by Date: Re: [FW1] FW-1 and Websense, Rainwall Comments?
Previous by thread: Re: [FW1] FW-1 and Websense, Rainwall Comments?
Next by thread: RE: [FW1] FW-1 and Websense
Index(es):
- Date
- Thread