[FW1] http out to specific sites.
Greetings all

Wonder if u can help!!

A few days ago, our old FireWall/Proxy server crashed. Since the new FireWall is to replace the old one, I was asked to migrate only our Internet users over to FW1 and to allow the entire company to browse through the "proxy" service of FW1 after working hours. This was done with little effort.

However, we have a requirement that should allow everyone in our organisation the right to surf/browse a few specific sites which can be identified by IP address. However, when attempting to set this up, the stealth rule comes into play and drops these connections. PS: the rules as defined below are all above the stealth rule.

Note that since we do not have a proxy server, we have to set up a resource for http with the proxy option in the resource checked. Also, clients' browsers were configured to proxy to the old proxy server on port 8080. We have set up another http resource with the filter on port 8080. This is configured in the fwauthd.conf file as dictated by phoneboy's suggestions. It works, if I allow the following rule to define our entire network to any destination on resource service http and http-8080.

For the allowed internet users, the following rule:

Source           Destination         Service               Action  Track  Install On  Time  Comment
Usersgroups      Any                 http->http-out        Accept  etc    etc         etc   etc
                                     http-8080->http-out

Now, for the entire company to be granted after hours access, I have the ffg rule.

Source           Destination         Service               Action  Track  Time       Install On  Time  Comment
Kentron_Network  Any                 http->http-out        Accept  etc    AFTER HRS  etc         etc   etc
                                     http-8080->http-out

However, during the day we want to allow everyone to surf to Vodacom and MTN's SMS sites, so I have a rule as follows.

Source           Destination         Service               Action  Track  Time  Install On  Time  Comment
Kentron_Network  www.mtnsms.com      http->http-out        Accept  etc    Any   etc         etc   etc
                 websms.vodacom.net  http-8080->http-out

But this does not WORK!!!! I get the connections dropped on the Stealth Rule. PS: The rules above are all above the stealth rule, so they should be parsed, but they are not. Help me please, this is wrecking my mind!!!!!

Thanx a million

Sumash