NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] HTTP over different ports, e.g. 8080, 89



Greg,

You have to add that port into the fwauthd.conf file so that the FW knows
it's an HTTP port and can do what's necessary as HTTP and not just as any
old standard port.

The phoneboy site has something about that. See the following for exact
description of what needs to be done.

http://www.phoneboy.com/faq/0135.html

Mike

> -----Original Message-----
> From:	Greg Winkler [SMTP:[email protected]]
> Sent:	ä îøõ 29 2001 16:38
> To:	[email protected]
> Subject:	[FW1] HTTP over different ports, e.g. 8080, 89
> 
> 
> I don't know why webmasters do this but recently I've been plagued by
> problems when users try to connect to websites via URL's that use what I'm
> calling an alternate port. For example, this URL
> http://technet.oracle.com:89/cgi-bin/Ultimate.cgi?action=intro&BypassCooki
> e=true
> , would use HTTP over port 89. Another common one I've seen is 8080 and
> I've run across others as well.
> 
> The problem I have is that the firewall drops these connection attempts
> because they are made over a port I normally don't allow out the firewall.
> I can create a new service definition for these ports and then create a
> rule that looks like for example, "InternalNet   any   HTTP89   accept"
> and
> the connections work. However when I try to run the connection through the
> HTTP security server as in "InternalNet   any   HTTP89 -> AcceptAll
> accept" they seem to get lost. I no longer see drops in the logs but
> neither do the connections succeed. I think it's a problem with the
> security server.
> 
> Any ideas how to get the security server to process the oddball URL's.
> 
> 
> 
> --------------------------------------------------------------------------
> --------------
> 
> Greg Winkler
> Systems Manager, IT&S
> Huntsman Corporation
> Internet Mail: [email protected]
> Voice:> Fax:> 
> 
> 
> 
> ==========================================================================
> ======
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ======


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.