
RE: [FW1] http out to specific sites.




I would probably build a different resource that uses an HTTP URL filter to allow users to specific sites.



> -----Original Message-----
> From: Sumash Singh [mailto:[email protected]]
> Sent: Friday, January 05, 2001 8:41 AM
> To: '[email protected]'
> Subject: [FW1] http out to specific sites.
>
>
>
> Greetings all
>
> > Wonder if u can help!!
> >
> A few days ago, our old FireWall/Proxy server crashed. Since the new
> FireWall is to replace the old one, I was asked to migrate only our Internet
> users over to FW1 and to allow the entire company to browse through the
> "proxy" service of FW1 after working hours. This was done with little
> effort. However, we have a requirement that should allow everyone in our
> organisation the right to surf/browse a few specific sites which can be
> identified by IP address. However, when attempting to set this up, the
> stealth rule comes into play and drops these connections. PS the rules as
> defined below are all above the stealth rule. Note that since we do not have
> a proxy server, we have to set up a resource for http with the proxy option in
> the resource checked. Also clients' browsers were configured to proxy to the
> old proxy server on port 8080. We have set up another http resource with the
> filter on port 8080. This is configured in the fwauthd.conf file as dictated
> by phoneboy's suggestions. It works, if I allow the following rule to define
> our entire network to any destination on resource service http and
> http-8080.
>
>
> For the allowed internet users the following rule
> > Source           Destination  Service              Action  Track  Install On  Time  Comment
> > Usersgroups      Any          http->http-out       Accept  etc    etc         etc   etc
> >                               http-8080->http-out
> >
> > Now, for the entire company to be granted after hours access, I have the
> > ffg rule.
> >
> > Source           Destination  Service              Action  Track  Time       Install On  Time  Comment
> > Kentron_Network  Any          http->http-out       Accept  etc    AFTER HRS  etc         etc   etc
> >                               http-8080->http-out
> >
> > However, during the day we want to allow everyone to surf to Vodacom and
> > MTN's SMS sites, so I have a rule as follows.
> >
> > Source           Destination         Service              Action  Track  Time  Install On  Time  Comment
> > Kentron_Network  www.mtnsms.com      http->http-out       Accept  etc    Any   etc         etc   etc
> >                  websms.vodacom.net  http-8080->http-out
> >
> > But this does not WORK!!!! I get the connections dropped on the Stealth
> > Rule. PS The rules above are all above the stealth rule so they should be
> > parsed, but it does not. Help me please, this is wrecking my mind!!!!!
> >
> > Thanx a million
> >
> > Sumash
>
>



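The reply's suggestion, deciding on the requested URL rather than on a destination object, sketched as an added example; it is not part of the thread and not Check Point's implementation. It assumes browsers in proxy mode send the full URL in the request line; the function names, the port policy and the sample request lines are constructed, and only the two host names come from the post.

```python
from urllib.parse import urlsplit

# The two host names come from the rule in the post; the port policy is assumed.
ALLOWED_HOSTS = {"www.mtnsms.com", "websms.vodacom.net"}
ALLOWED_PORTS = {80}


def requested_target(request_line):
    """Return (host, port) from a proxy-style request line, or None."""
    parts = request_line.split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    try:
        url = urlsplit(parts[1])
        port = url.port if url.port is not None else 80
    except ValueError:            # malformed authority or port
        return None
    # Origin-form requests ("GET /path") carry no host here: nothing to match.
    if url.scheme != "http" or not url.hostname:
        return None
    # hostname is already lower-cased and excludes any "user@" prefix,
    # so "http://allowed@other/" is judged on "other".
    return url.hostname.rstrip("."), port


def allowed(request_line):
    """Exact-match allowlist: no substring or suffix matching on the host."""
    target = requested_target(request_line)
    if target is None:
        return False
    host, port = target
    return host in ALLOWED_HOSTS and port in ALLOWED_PORTS


if __name__ == "__main__":
    # Constructed request lines, as a browser would send them to a proxy.
    samples = [
        "GET http://www.mtnsms.com/ HTTP/1.0",
        "GET http://WebSMS.Vodacom.net:80/send HTTP/1.0",
        "GET http://www.example.com/ HTTP/1.0",
        "GET http://www.mtnsms.com@www.example.com/ HTTP/1.0",
        "GET http://www.mtnsms.com.example.com/ HTTP/1.0",
        "GET /index.html HTTP/1.0",
    ]
    for line in samples:
        print("accept" if allowed(line) else "drop  ", line)
```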


 