
RE: [FW1] URI usage odd symptom



I'm surprised you had that working at all. I had the same problem with just
a handful of sites and our firewall did the same thing (unable to connect to
www). I'd be interested if you find anything out.

Zoran Rankovich
OSD Network Engineer
[email protected]

	-----Original Message-----
	From:	Mike Glassman - Admin [SMTP:[email protected]]
	Sent:	Thursday, March 29, 2001 9:32 AM
	To:	'fw-1 listserv'
	Subject:	[FW1] URI usage odd symptom


	Afternoon all,

	I have for the second time, encountered a very odd issue when using a
	hand made list of sites I block, using a URI file.

	The issue is as follows.

	I have a file containing about 1400 sites, in IP notation that we do not
	want users here to get to. Since this list is mainly made up of hard core
	sites, the list obviously fluctuates, growing and shrinking as some are
	taken off the list after users stop going there, and others are added.

	I added IP address number 1401 a few days ago, and as soon as I installed
	the rules, no one could access the Internet, receiving time outs on every
	site they tried. Pings and FTP of course worked fine, but any site that was
	HTTP based, and was accessed, timed out. This when users hit any rule that
	used the URI file. Users without this rule, worked fine (obviously).

	The moment I removed the rule using the URI file, which has worked for close
	to a year here now, everything started working again immediately. But...I am
	left with no site blocking, and at the moment can't put in any software for
	this, so I'm sort of stuck with the URI file route for now.

	Does anyone know of any limitations to how many lines a URI file can have
	(How many IP addresses that is)? Or why the systems stopped responding?

	Is it possible to make two rules, each one using a different URI file? If
	so, would this help?

	My current rules look something like this :

	Proxy-Internal	Any	HTTP-Block-Bad-Sites	Reject	Long	<- This is the rule using the URI
	Proxy-Internal	Any	HTTP-Block-Dlds	Reject	Long	<- Blocks specific file dld's
	Proxy-Internal	Any	HTTP			Accept	Long	<- Allows all else

	Anyone ?

	Thanks all,


	Mike Glassman
	System & Security Admin
	Israeli Airports Authority
	Ben-Gurion Airport
	http://www.ben-gurion-airport.co.il

	Tel : 972-3-9710785
	Fax : 972-3-9710939
	Email : [email protected]

	Usage of this email address or any email address at iaa.gov.il for the
	purpose of sales pitches, SPAM or any other such unwanted garbage, is
	illegal, and any person, whether corporate or alone doing so, will be
	prosecuted to the fullest possible extent.






	
	================================================================================
	     To unsubscribe from this mailing list, please see the instructions at
	               http://www.checkpoint.com/services/mailing.html
	================================================================================




