RE: [FW1] FW-1 Loophole?
Check your rule 0 set. If ACCEPT UDP replies is checked, then all replies to UDP packets are statefully inspected and allowed back in within the time limit (by default set to 40 seconds). The UDP rule you have allows traffic to a destination of 135 from source ports of 4500-4550. So, if you uncheck ACCEPT UDP Replies, FW-1 should drop those packets coming back on "1052", etc.

Amin Tora, CISSP
ePlus Technology
http://www.eplus.com
NASDAQ: PLUS

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Tuesday, February 27, 2001 11:34 AM
To: [email protected]
Subject: [FW1] FW-1 Loophole?

We are running an application in two DMZs (DMZA, DMZB). The app is a DCOM app which uses Microsoft's Transaction Server to communicate from a server in the DMZ to a server on the private side. The application is configured to communicate using UDP on port 135 and a range from 4500 through 4550. This is set up via the registry on the servers in the DMZ and on the private side.

We have a rule set up on Firewall-1 (4.1 SP2) in DMZA which allows the specific UDP ports (135, 4500-4550) through the firewall to the specific servers on the private side. The application works in this DMZ.

In our second DMZ we have PIX firewalls, not FW-1. The application is not working in this DMZ. We are seeing drops on UDP port 1052 going from the DMZ to the private side. We don't have a rule set up for that specific port on either firewall, so it makes sense that the PIX is dropping it. However, when we trace the application we see the same kind of traffic in both DMZs. It appears as if FW-1 in DMZA is allowing this protocol (UDP 1052) through and the PIX is not. We talked to Cisco about this problem and they indicated the PIX is working as designed. This leads us to believe that there may be a FW-1 problem.

Why is FW-1 allowing UDP 1052 through? We don't see anything in the firewall log to indicate it is being accepted. Any help on this problem would be appreciated.
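As an added illustration of the "Accept UDP replies" behaviour described in the reply above (this is example code written for this page, not Check Point's code, and it does not reproduce FW-1's real state table), the model below accepts a UDP packet by explicit rule, remembers it, and then lets the exact reverse packet back through for a reply time limit (40 seconds, the default quoted in the thread) without any rule matching it and, as an assumption, without writing a log entry. Turning the implied-reply setting off makes the same reply a drop. The rule syntax, the addresses (192.0.2.0/24 as the DMZ, 10.0.0.0/24 as the private side), the ports and the timestamps are all constructed for the example.

```python
"""Simplified model of a stateful firewall's "Accept UDP replies" handling.

Added example for this thread; not Check Point code. Addresses, ports,
rule syntax and timestamps are constructed for illustration only.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

    def reverse(self):
        # The packet a server would send back: addresses and ports swapped.
        return Packet(self.dst, self.dport, self.src, self.sport)


class Rule:
    """One explicit UDP accept rule: source net, destination net, dest ports."""

    def __init__(self, src, dst, dports):
        self.src = ipaddress.ip_network(src)
        self.dst = ipaddress.ip_network(dst)
        self.dports = set(dports)

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt.src) in self.src
                and ipaddress.ip_address(pkt.dst) in self.dst
                and pkt.dport in self.dports)


class UdpFirewall:
    def __init__(self, rules, accept_udp_replies=True, reply_timeout=40):
        self.rules = rules
        self.accept_udp_replies = accept_udp_replies
        self.reply_timeout = reply_timeout  # seconds; 40 is the default quoted above
        self.pending = {}                    # accepted Packet -> time last seen
        self.log = []                        # what the explicit-rule log would show

    def handle(self, pkt, now):
        # Forget UDP "sessions" older than the reply time limit.
        self.pending = {p: t for p, t in self.pending.items()
                        if now - t <= self.reply_timeout}

        # 1. Explicit rule base: accepted packets are logged and remembered.
        if any(r.matches(pkt) for r in self.rules):
            self.pending[pkt] = now
            self.log.append(("ACCEPT", pkt))
            return "ACCEPT"

        # 2. Implied "Accept UDP replies" (rule 0): the exact reverse of a
        #    recently accepted packet passes with no rule and, as modelled
        #    here, no log entry (assumption: implied accepts are not logged).
        if self.accept_udp_replies and pkt.reverse() in self.pending:
            self.pending[pkt.reverse()] = now  # assumption: timer refreshed on reply
            return "ACCEPT-REPLY"

        self.log.append(("DROP", pkt))
        return "DROP"


def run_scenario(accept_udp_replies):
    """Replay a constructed DMZ-to-private exchange; returns (verdicts, log)."""
    dmz_to_private = Rule("192.0.2.0/24", "10.0.0.0/24",
                          [135] + list(range(4500, 4551)))
    fw = UdpFirewall([dmz_to_private], accept_udp_replies)
    request = Packet("192.0.2.10", 4500, "10.0.0.5", 135)
    unrelated = Packet("192.0.2.10", 1052, "10.0.0.5", 1052)
    verdicts = [
        fw.handle(request, now=0),             # matches the explicit rule
        fw.handle(request.reverse(), now=5),   # reply: no rule, only rule 0
        fw.handle(unrelated, now=6),           # never accepted in either direction
        fw.handle(request.reverse(), now=50),  # 45 s after the last packet: expired
    ]
    return verdicts, fw.log


if __name__ == "__main__":
    for setting in (True, False):
        verdicts, log = run_scenario(setting)
        print(f"accept_udp_replies={setting}: {verdicts}")
        for action, pkt in log:
            print(f"  log: {action} {pkt}")
```

Running it with the implied rule on shows the request accepted, the reply accepted without appearing in the log, the unrelated port-1052 packet dropped, and the late reply dropped once the time limit has passed; with the implied rule off the reply is dropped outright, which is the effect the reply above predicts for unchecking ACCEPT UDP Replies.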
================================================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
================================================================================