[FW1] problem with filtering http
Could anybody help me, please?
I used resources for filtering http requests for normal users.
Everything goes OK.
Now I have decided to add an http proxy in my DMZ.
And I want to use my rule with the resource for filtering as I did before.
My proxy is running on Win2k with 2 virtual IPs.
I added a resource for my normal users with the same http restriction (they
can't download *.zip, *.mp3 ... files); the destination is my proxy IP #1.
After that I added a rule for the rest of us without a resource; the destination
is my proxy IP #2.
This configuration doesn't work.
Nobody can download ANY http files (not only those described in the resource).
If I disable the rule with the resource, http requests are allowed.
Another problem is that I can't define my proxy as an internal host, only as
external.
I have got FW-1 VPN v.4.1 eec SP2
WIN NT 4.0 SP6
with 4 interfaces
I have added my rules and objects at the end.
Thanks for any answers,
Michal
RULES:
_________________________________________________________________________
(
    :rule (
        :src (
            : IT
        )
        :dst (
            : proxy.aero.cz
        )
        :services (
            : ("http-proxy->proxyomezeni"
                :resource proxyomezeni
                :service http-proxy
                :color (black)
                :icon (uri)
                :type (Tcp)
                :"#oldname" (
                    :type (refobj)
                    :refname ("#_http-proxy->proxyomezeni")
                )
            )
        )
        :action (
            : (drop
                :type (drop)
                :color (Firebrick)
                :icon-name (icon-drop)
                :text-rid (61465)
                :windows-color (green)
            )
        )
        :track ()
        :install (
            : (Gateways
                :type (gateways)
                :color ("Navy Blue")
                :icon-name (icon-gateways)
            )
        )
        :time (
            : Any
        )
        :comments ("Pokusny provoz;Proxy")
        :id (1)
    )
    :rule (
        :src (
            : IT
        )
        :dst (
            : proxy.aero.cz
        )
        :services (
            : http-proxy
        )
        :action (
            : (accept
                :type (accept)
                :color ("Dark green")
                :macro (RECORD_CONN)
                :icon-name (icon-accept)
                :text-rid (61463)
                :windows-color (green)
            )
        )
        :track ()
        :install (
            : (Gateways
                :type (gateways)
                :color ("Navy Blue")
                :icon-name (icon-gateways)
            )
        )
        :time (
            : Any
        )
        :comments ("Pokusny provoz;Proxy")
    )
    :rule (
        :src (
            : proxy.aero.cz
        )
        :dst (
            : Any
        )
        :services (
            : http
            : https
            : ftp
        )
        :action (
            : (accept
                :type (accept)
                :color ("Dark green")
                :macro (RECORD_CONN)
                :icon-name (icon-accept)
                :text-rid (61463)
                :windows-color (green)
            )
        )
        :track ()
        :install (
            : (Gateways
                :type (gateways)
                :color ("Navy Blue")
                :icon-name (icon-gateways)
            )
        )
        :time (
            : Any
        )
        :comments ("Pokusny provoz;Proxy")
    )
OBJECTS:
________________________________________
(
    :rule (
        :src (
            : IT
        )
        :dst (
            : proxy.aero.cz
        )
        :services (
            : ("http-proxy->proxyomezeni"
                :resource proxyomezeni
                :service http-proxy
                :color (black)
                :icon (uri)
                :type (Tcp)
                :"#oldname" (
                    :type (refobj)
                    :refname ("#_http-proxy->proxyomezeni")
                )
            )
        )
        :action (
            : (drop
                :type (drop)
                :color (Firebrick)
                :icon-name (icon-drop)
                :text-rid (61465)
                :windows-color (green)
            )
        )
        :track ()
        :install (
            : (Gateways
                :type (gateways)
                :color ("Navy Blue")
                :icon-name (icon-gateways)
            )
        )
        :time (
            : Any
        )
        :comments ("Pokusny provoz;Proxy")
        :id (1)
    )
    :rule (
        :src (
            : IT
        )
        :dst (
            : proxy.aero.cz
        )
        :services (
            : http-proxy
        )
        :action (
            : (accept
                :type (accept)
                :color ("Dark green")
                :macro (RECORD_CONN)
                :icon-name (icon-accept)
                :text-rid (61463)
                :windows-color (green)
            )
        )
        :track ()
        :install (
            : (Gateways
                :type (gateways)
                :color ("Navy Blue")
                :icon-name (icon-gateways)
            )
        )
        :time (
            : Any
        )
        :comments ("Pokusny provoz;Proxy")
    )
    :rule (
        :src (
            : proxy.aero.cz
        )
        :dst (
            : Any
        )
        :services (
            : http
            : https
            : ftp
        )
        :action (
            : (accept
                :type (accept)
                :color ("Dark green")
                :macro (RECORD_CONN)
                :icon-name (icon-accept)
                :text-rid (61463)
                :windows-color (green)
            )
        )
        :track ()
        :install (
            : (Gateways
                :type (gateways)
                :color ("Navy Blue")
                :icon-name (icon-gateways)
            )
        )
        :time (
            : Any
        )
        :comments ("Pokusny provoz;Proxy")
    )