
FW: [FW1] Rule Base



 
 

Juan Concepcion
Network Engineer/Security Consultant
CCSA/CCSE
E-Mail: [email protected]

-----Original Message-----
From: Juan Concepcion [mailto:[email protected]]
Sent: Tuesday, February 20, 2001 10:16 PM
To: Ryan Realivasquez
Subject: RE: [FW1] Rule Base

First, you only need the first rule.  Secondly, you'd have to add a rule in the address translation tab to allow your illegal internal network addresses to go out behind your firewall's external routable IP.
 
Security Policy Tab:
Source     Destination    Service    Action    Track
Network    Any            http       accept    long
 
Address Translation Tab:
Source     Destination    Service    Source            Destination    Service
Network    Any            Any        Firewall(hide)    original       original
 

Juan Concepcion
Network Engineer/Security Consultant
CCSA/CCSE
E-Mail: [email protected]

-----Original Message-----
From: [email protected] [mailto:[email protected]]On Behalf Of Ryan Realivasquez
Sent: Tuesday, February 20, 2001 9:19 PM
To: [email protected]
Subject: [FW1] Rule Base

Is it necessary within the rule base to provide for a connection going both ways?  In other words, if I need http access for the entire network, is it required to do the following two rules:
 
Rule X:    Network    Any        Http    Accept
Rule Y:    Any        Network    Http    Accept
 
Wouldn't just having the first one allow Http to work both ways: requests going out and requested data and acks coming in?
 
 
Thanks,
 
Ryan Realivasquez


 
----------------------------------
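
Added example, not part of the original thread and not Check Point code: a toy Python model of why Rule X plus the hide address translation rule is enough, assuming a stateful firewall that records each accepted connection and matches return packets against that record. The `StatefulHideNat` class, the addresses and the port numbers are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample values (not from the thread).
INTERNAL_PREFIX = "10.1.1."       # the "Network" object: non-routable inside addresses
FIREWALL_EXT_IP = "203.0.113.1"   # firewall's external routable IP (documentation range)


@dataclass
class StatefulHideNat:
    """Toy model: one outbound accept rule, hide NAT and a connection table."""
    next_port: int = 10000
    # (fw_ip, fw_port, server_ip, server_port) -> (client_ip, client_port)
    conns: dict = field(default_factory=dict)

    def rule_accepts(self, src, dport):
        # Rule X only: Network -> Any, http, accept. Anything else is dropped.
        return src.startswith(INTERNAL_PREFIX) and dport == 80

    def outbound(self, src, sport, dst, dport):
        """New connection from inside: check the rule base, then hide the source."""
        if not self.rule_accepts(src, dport):
            return None
        fw_port = self.next_port
        self.next_port += 1
        # Record the translated connection so replies can be recognised later.
        self.conns[(FIREWALL_EXT_IP, fw_port, dst, dport)] = (src, sport)
        return (FIREWALL_EXT_IP, fw_port, dst, dport)

    def inbound(self, src, sport, dst, dport):
        """Packet from outside: accepted only if it answers a recorded connection."""
        client = self.conns.get((dst, dport, src, sport))
        if client is None:
            return None  # no Rule Y and no matching state entry: dropped
        return (src, sport, *client)  # destination rewritten back to the inside host


def demo():
    fw = StatefulHideNat()
    out = fw.outbound("10.1.1.25", 40001, "198.51.100.7", 80)   # browser request
    reply = fw.inbound("198.51.100.7", 80, out[0], out[1])      # server's answer
    unsolicited = fw.inbound("198.51.100.7", 80, FIREWALL_EXT_IP, 80)
    return out, reply, unsolicited
```

The reply is delivered without any Rule Y, while a packet from outside that matches no recorded connection is dropped, which is the exposure Rule Y would have opened.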

   All contents © 2004 Network Presence, LLC. All rights reserved.