
Re: [FW1] a few question



Answering the first 2 questions.

1) When you're using the Policy Editor, you have an option to "Install 
rules", so when you run this option you have your new rulebase applied. 

2) Rules are applied in linear order, so if a connection matches the 
first rule, the next rules are not even read. 

As for the 4th question, what are you trying to block? A URL?
If so, it could be better if you use URI resources (Manage -> Resources
from your Policy Editor). 

I strongly suggest you read the Getting Started manual (it comes
on the CD where you get the software).  :-)

Regards.


-- 
Martin Humberto Hoz Salvador 
I. E. C.
EX-A-FIME 
http://gama.fime.uanl.mx/~mhoz

"Daddy, why doesn't this Magnet pick up this Floppy Disk ?"


Nils Kolstein wrote:
> 
> Hi,
> 
> I am not using NT for our FW-platform but I might give some hints..
> 
> 3) As far as I know there is no limit on rules, but the more rules, the more
> impact it has on the performance of the FW, especially when using a lot of
> encryption and NAT rules..
> 
> 4) Try to block the site on its IP address instead of hostname. It might be
> the case that the site is reachable under more than one IP address through a
> DNS round-robin sort of system .. So several IPs under one hostname to
> create a form of redundancy.. This might be the case with larger sites,
> although it might be better to use Level 4 (web)switching devices..
> 
> I hope this all helps.. ;-))
> 
> Nils Kolstein
> Internetworking Engineer
> Planet Media Group
> E-mail: [email protected]
> Tel.: (+31)
>
> > -----Original Message-----
> > From: Bilgehan turan [mailto:[email protected]]
> > Sent: Wednesday, April 11, 2001 3:54 PM
> > To: [email protected]
> > Subject: [FW1] a few question
> >
> >
> >
> > Hi to all Checkpoint gurus
> > I am new to checkpoint 4.1 (installed on NT 4.0)
> > 1) Do I have to restart the checkpoint services when I edit the rules by
> > rules editor? Is there an easy way to start services or do I have to use
> > NT's services tool?
> > 2) Do rules read linearly? I mean an above rule permits that packet go
> > inside, but below rule does not. (or this is the policy conflict)
> > 3) Is there a rule limit?
> > 4) How can I reject a domain www.abc.com? I add a domain to our rules to
> > reject. But I can connect to it. I could not solve the problem.
> >
> >
> > Thanks in advance...
> >
> > Bilgehan TURAN
> > System and Network Administrator
> > Ph    :
> > Mob :
> >
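
Added example, not part of the original thread: a small Python model of the first-match rule evaluation described in answer 2, with a check for rules that can never fire because an earlier rule already covers them. The `Rule` structure, rule names and addresses are constructed for illustration and are not FireWall-1's rulebase format; 192.0.2.11 stands in for a second address behind the same hostname, as in the DNS round-robin case from answer 4.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    src: str              # source network, CIDR
    dst: str              # destination network, CIDR
    port: Optional[int]   # None means any port
    action: str           # "accept" or "drop"

def first_match(rules, src, dst, port):
    """Return the first rule matching the connection; later rules are never consulted."""
    for r in rules:
        if (ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst)
                and r.port in (None, port)):
            return r
    return None

def covers(outer, inner):
    """True if every connection matching `inner` also matches `outer`."""
    return (ip_network(inner.src).subnet_of(ip_network(outer.src))
            and ip_network(inner.dst).subnet_of(ip_network(outer.dst))
            and outer.port in (None, inner.port))

def shadowed(rules):
    """List (rule, shadowing rule, actions_conflict) for rules that can never fire."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                found.append((later.name, earlier.name, earlier.action != later.action))
                break
    return found

# Constructed rulebase: the drop rule sits below a broader accept rule.
RULES = [
    Rule("allow-web-out", "10.0.0.0/8", "0.0.0.0/0", 80, "accept"),
    Rule("block-abc", "10.0.0.0/8", "192.0.2.10/32", 80, "drop"),
    Rule("cleanup", "0.0.0.0/0", "0.0.0.0/0", None, "drop"),
]
REORDERED = [RULES[1], RULES[0], RULES[2]]  # specific drop moved above the accept

if __name__ == "__main__":
    print(first_match(RULES, "10.1.2.3", "192.0.2.10", 80).name, shadowed(RULES))
    print(first_match(REORDERED, "10.1.2.3", "192.0.2.10", 80).name, shadowed(REORDERED))
    print(first_match(REORDERED, "10.1.2.3", "192.0.2.11", 80).name)
```

In the original order the drop rule is reported as shadowed with a conflicting action; after reordering it fires for 192.0.2.10, while the second address still falls through to the accept rule.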

