[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] HTTP over different ports, e.g. 8080, 89
Greg, You have to add that port into the fwauthd.conf file so that the FW knows it's an HTTP port and can do what's necessary as HTTP and not just as any old standard port. The phoneboy site has something about that. See the following for exact description of what needs to be done. http://www.phoneboy.com/faq/0135.html Mike > -----Original Message----- > From: Greg Winkler [SMTP:[email protected]] > Sent: ä îøõ 29 2001 16:38 > To: [email protected] > Subject: [FW1] HTTP over different ports, e.g. 8080, 89 > > > I don't know why webmasters do this but recently I've been plagued by > problems when users try to connect to websites via URL's that use what I'm > calling an alternate port. For example, this URL > http://technet.oracle.com:89/cgi-bin/Ultimate.cgi?action=intro&BypassCooki > e=true > , would use HTTP over port 89. Another common one I've seen is 8080 and > I've run across others as well. > > The problem I have is that the firewall drops these connection attempts > because they are made over a port I normally don't allow out the firewall. > I can create a new service definition for these ports and then create a > rule that looks like for example, "InternalNet any HTTP89 accept" > and > the connections work. However when I try to run the connection through the > HTTP security server as in "InternalNet any HTTP89 -> AcceptAll > accept" they seem to get lost. I no longer see drops in the logs but > neither do the connections succeed. I think it's a problem with the > security server. > > Any ideas how to get the security server to process the oddball URL's. > > > > -------------------------------------------------------------------------- > -------------- > > Greg Winkler > Systems Manager, IT&S > Huntsman Corporation > Internet Mail: [email protected] > Voice:> Fax:> > > > > ========================================================================== > ====== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ========================================================================== > ====== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|