[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] problem with filtering http
Could anybody help me please? I used resources for filtering http request for normal users. Everything goes OK. Now I decide to add http proxy in my DMZ. And I want to use my rule with resource for filtering as I did before. My proxy is running on Win2k with 2 virtual IP. I add resource for my normal users with the same http restriction ( they can't download *.zip *.mp3 ... files, destination is my proxy IP #1. After I add rule for rest of us without resource ,destination is my proxy IP #2. This configuration does'nt work. Nobody can't download ANY http files (not only this described in resource). If I disable rule with resource http request are allowed. Another problem is that I can't define my proxy as internal host, only as external. I have got FW-1 VPN v.4.1 eec SP2 WIN NT 4.0 SP6 with 4 interfaces I add my rules and objects at the end. Thanks for any answers Michal RULES: _________________________________________________________________________ ( :rule ( :src ( : IT ) :dst ( : proxy.aero.cz ) :services ( : ("http-proxy->proxyomezeni" :resource proxyomezeni :service http-proxy :color (black) :icon (uri) :type (Tcp) :"#oldname" ( :type (refobj) :refname ("#_http-proxy->proxyomezeni") ) ) ) :action ( : (drop :type (drop) :color (Firebrick) :icon-name (icon-drop) :text-rid (61465) :windows-color (green) ) ) :track () :install ( : (Gateways :type (gateways) :color ("Navy Blue") :icon-name (icon-gateways) ) ) :time ( : Any ) :comments ("Pokusny provoz;Proxy") :id (1) ) :rule ( :src ( : IT ) :dst ( : proxy.aero.cz ) :services ( : http-proxy ) :action ( : (accept :type (accept) :color ("Dark green") :macro (RECORD_CONN) :icon-name (icon-accept) :text-rid (61463) :windows-color (green) ) ) :track () :install ( : (Gateways :type (gateways) :color ("Navy Blue") :icon-name (icon-gateways) ) ) :time ( : Any ) :comments ("Pokusny provoz;Proxy") ) :rule ( :src ( : proxy.aero.cz ) :dst ( : Any ) :services ( : http : https : ftp ) :action ( : (accept :type (accept) :color ("Dark green") :macro (RECORD_CONN) :icon-name (icon-accept) :text-rid (61463) :windows-color (green) ) ) :track () :install ( : (Gateways :type (gateways) :color ("Navy Blue") :icon-name (icon-gateways) ) ) :time ( : Any ) :comments ("Pokusny provoz;Proxy") ) OBJECTS: ________________________________________ ( :rule ( :src ( : IT ) :dst ( : proxy.aero.cz ) :services ( : ("http-proxy->proxyomezeni" :resource proxyomezeni :service http-proxy :color (black) :icon (uri) :type (Tcp) :"#oldname" ( :type (refobj) :refname ("#_http-proxy->proxyomezeni") ) ) ) :action ( : (drop :type (drop) :color (Firebrick) :icon-name (icon-drop) :text-rid (61465) :windows-color (green) ) ) :track () :install ( : (Gateways :type (gateways) :color ("Navy Blue") :icon-name (icon-gateways) ) ) :time ( : Any ) :comments ("Pokusny provoz;Proxy") :id (1) ) :rule ( :src ( : IT ) :dst ( : proxy.aero.cz ) :services ( : http-proxy ) :action ( : (accept :type (accept) :color ("Dark green") :macro (RECORD_CONN) :icon-name (icon-accept) :text-rid (61463) :windows-color (green) ) ) :track () :install ( : (Gateways :type (gateways) :color ("Navy Blue") :icon-name (icon-gateways) ) ) :time ( : Any ) :comments ("Pokusny provoz;Proxy") ) :rule ( :src ( : proxy.aero.cz ) :dst ( : Any ) :services ( : http : https : ftp ) :action ( : (accept :type (accept) :color ("Dark green") :macro (RECORD_CONN) :icon-name (icon-accept) :text-rid (61463) :windows-color (green) ) ) :track () :install ( : (Gateways :type (gateways) :color ("Navy Blue") :icon-name (icon-gateways) ) ) :time ( : Any ) :comments ("Pokusny provoz;Proxy") ) ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|