RE: [FW1] FW-1 and Websense
Basic Websense rules are easy; however, how do I set up the rulebases if
users first have to authenticate themselves? As well, I would like the
firewall running as a proxy listening on port 8080.

jh

> -----Original Message-----
> From: Chris F [SMTP:[email protected]]
> Sent: Monday, December 11, 2000 4:19 PM
> To: Marc Jacquard; Fw-1-Mailinglist@Lists.Us.Checkpoint.Com
> Subject: Re: [FW1] FW-1 and Websense
>
> I would use "Any", and not 0.0.0.0 -- as 0.0.0.0 is an
> address -- and not "Internet". Sounds like someone was
> trying to use your firewall rulebase like a Cisco
> default route :)
>
> If you want to be more secure than "Any", then negate
> the object(s) you have for your internal LAN:
>
> visitor-net...ANy....http-->adult....drop
> visitor-net...Not(internalLAN)...http...accept
>
> When I call Websense, I am always put in a calling
> pool waiting for the "next available support rep".
>
> This is the number I use (from their web site:
> www.websense.com)
>
> [email protected]
>
> Good Luck!
> HTH -- Chris
>
> --- Marc Jacquard <[email protected]> wrote:
> >
> > I have a specific LAN for visitors that is only allowed access to the
> > outside world. I have 3 rules defined for this network.
> >
> > visitor-net   any            http-->Adult   drop     long
> > vistor-net    external-net   http           accept   long
> >                              telnet
> >                              ftp
> >                              ssh
> >                              https
> >                              dns
> > visitor-net   any            any            drop     long
> >
> > My problem is that I can do all the functions except HTTP and HTTPS.
> > Every packet that goes out on those two services is being dropped for
> > web security reasons by Websense. The only way I have been able to get
> > the rule to work is, instead of using the external-net object, I had to
> > use the any for rule #2. This does not seem right to me. Has anyone
> > else had this problem? My external-net object is 0.0.0.0 and is used in
> > my address translation table. This was an object recommended by
> > CheckPoint. I have called Websense, but they are a callback (No live
> > people on the phones!) system and who knows when they will call back.
> > Any help would be greatly appreciated.
> >
> > Best regards,
> >
> > Marc Jacquard
> > SR. Systems Engineer (CCSA)
> > Fujitsu America, INC.
> > Hilo Office
> > email: [email protected]
> > Telephone:
> > Pager:
> >
> > ================================================================================
> > To unsubscribe from this mailing list, please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > ================================================================================