[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] FW-1 and Websense
I would use "Any", and not 0.0.0.0 -- as 0.0.0.0 is an address -- and not "Internet". Sounds like someone was trying to use your firewall rulebase like a Cisco default route :) If you want to be more secure than "Any", then negate the object(s) you have for your internal LAN: visitor-net...ANy....http-->adult....drop visitor-net...Not(internalLAN)...http...accept When I call Websense, I am always put in a calling pool waiting for the "next available support rep". This is the number I use (from their web site: www.websense.com)[email protected] Good Luck! HTH -- Chris --- Marc Jacquard <[email protected]> wrote: > > I have a specific LAN for visitors that is only > allowed access to the > outside world. I have 3 rules defined for this > network. > > visitor-net any http-->Adult drop long > vistor-net external-net http accept long > telnet > ftp > ssh > https > dns > visitor-net any any drop long > > My problem is that I can do all the functions accept > HTTP and HTTPS. Every > packet that goes out on those two services are being > drop for web security > reasons by websense. The only way I have been able > to get the rule to work > is instead of using the external-net object, I had > to use the any for rule > #2. This does not seem right to me. Has anyone > else had this problem? My > external-net object is 0.0.0.0 and is used in my > address translation table. > This was an object recommended by CkeckPoint. I > have called websense, but > they are a callback (No live people on the phones!) > system and who knows > when they will call back. Any help would be greatly > appreciated. > > Best regards, > > Marc Jacquard > SR. Systems Engineer (CCSA) > Fujitsu America, INC. > Hilo Office > email: [email protected] > Telephone:> Pager:> > > > ================================================================================ > To unsubscribe from this mailing list, please > see the instructions at > > http://www.checkpoint.com/services/mailing.html > ================================================================================ __________________________________________________ Do You Yahoo!? Yahoo! Shopping - Thousands of Stores. Millions of Products. http://shopping.yahoo.com/ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|