Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Problem with URI Resource

To: <[email protected]>
Subject: RE: [FW1] Problem with URI Resource
From: "Thuy Trang" <[email protected]>
Date: Thu, 14 Jun 2001 13:27:26 -0600
Cc: "FW1 mailinglist" <[email protected]>
Importance: Normal
In-reply-to: <[email protected]>
Sender: [email protected]

if you are using http security for your web site
you have to define specific URI that allow/deny to specific URL
cannot have service http->resource and http to web_site at a time
because if you allow direct http to a web server, firewall will never check
your
http->resource


Hope this will help

-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of
[email protected]
Sent: Wednesday, June 13, 2001 9:18 AM
To: [email protected]
Subject: [FW1] Problem with URI Resource



Hi list,

We have a problem with a http_uri resource created to avoid some http
connection to a specific url. This is our ruleset:

      No. source          destination    service             action
      track          install on          time           comment
      1.  any        web_site  http-->uri_resource reject         log
      firewall_cluster         always
      2.  any        web_site  http                accept         log
      firewall_cluster         always

      When rule 1 is disabled, the accepted connections have the source IP
      of the firewall node. However, if we disable the first rule, and all
      http connection go throught the second rule, it doesn't make proxy.
      Behind a load balancing schema based on source IP, it's obviously
      that we would like to had the second behaviour.

      These is the configuration:
      Two nodes in HA and Load Balancing with these configuration: SunOS
      host retevision.es 5.6 Generic_105181-23 sun4u sparc SUNW,Ultra-60,
      Check Point VPN-1(TM) & FireWall-1(R) Version 4.1 Build 41814 [VPN +
      DES] SP3 and StoneBeat FullCluster for FireWall-1 version 2.0.2035
      SP02a)

      What is the reason of this problem? How can we fix it?

      Any ideas?

      Thanks.

      Regards,

          Josué
La información incluida en el presente correo electrónico es CONFIDENCIAL,
siendo para el uso exclusivo del destinatario arriba mencionado. Si usted
lee este mensaje y no es el destinatario señalado, el empleado o el agente
responsable de entregar el mensaje al destinatario, o ha recibido esta
comunicación por error, le informamos que está totalmente prohibida
cualquier divulgación, distribución o reproducción de esta comunicación, y
le rogamos que nos lo notifique, nos devuelva el mensaje original a la
dirección arriba mencionada y borre el mensaje.
Gracias.



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- [FW1] Problem with URI Resource
  - From: [email protected]

Prev by Date: RE: [FW1] Setting up VPN tunnel from FW-1 to Watchguard Firebox..
Next by Date: RE: [FW1] FW log working slowly
Previous by thread: [FW1] Problem with URI Resource
Next by thread: [FW1] Anti-spoofing
Index(es):
- Date
- Thread