
RE: [FW1] Strange NAT and packet transfer within Web server...

Hi Ralf,

I know what rule 0 is in general terms, but I'm wondering why it's allowed, because there's no such implied rule and no automatic NAT, nor any explicitly defined NAT rule either...

The questions you're asking in the 2nd paragraph are the questions I'm also asking, I really don't know. And as far as I know, my company does not do such replication, etc. The Firewalls were configured, installed and set up before I participated in the company's project, so I can only know exactly what's going on for the current usage of the FWs and what the current implied rules in the policy editor are. (All the things visible and as they seem to be... in the CP FW management console and rules, etc...)

Thank you for your support Ralf, and I'm waiting for any other thoughts, recommendations, suggestions, etc...


-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Wednesday, 11 July 2001 12:51
To: METE EMINAGAOGLU (IT)
Cc: [email protected]
Subject: Re: [FW1] Strange NAT and packet transfer within Web server...



Mete,

Rule 0 means it's accepted because of some implied rule you have checked in
the rulebase properties. And maybe you have done Automatic NAT on the
Webserver object? I'd recommend to never use Automatic NAT and populate the
NAT rules by hand. Reason: Oversight, control and logging.

Plus, why would the firewall itself initiate a connection with http to an
external site? Or if it does it in place of the webserver (do you have FW-1
set up to act as a proxy for the webserver?) why would the webserver
initiate it? Normally you define objects for the incoming traffic and the
response packets by the server are implied in that rule, so you don't need
a rule where the webserver is the source. Of course I don't know what your
company does, maybe you need to replicate data with external sites, then
it's different.

Just my spontaneous thoughts...Let's see what others have to say.

Cheers
Ralf  G.


z+z+z+z+z++z++z+z+z+++z+z++z++z+++z+++z+++z++z+z+z+z++z
Ralf Guenthner, Senior IT Security Consultant
Zentric GmbH & Co. KG  - IT Security & Groupware Solutions
Office Phone:     +49-6101-556060
Fax:       +49-6101-556065
mailto:[email protected]
http://www.zentric.com
+z+z+z+z+z++z++z+z+z+++z+z++z++z+++z+++z+++z++z+z+z+z++z
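The check Ralf's reply suggests, written out as an added example that is not part of this thread: read a connection log, and flag accepted connections that hit rule 0 (an implied rule rather than an explicit one) with the web server as the source, since a server that should only answer inbound requests has no business opening outbound sessions. The log lines and the semicolon field layout are constructed for this example and are a simplification, not the real FW-1 export format; the server address is an assumed placeholder.

```python
from dataclasses import dataclass

# Constructed sample log (simplified layout: action;src;dst;service;rule).
# 192.0.2.80 plays the DMZ web server; 203.0.113.x / 198.51.100.x are outside hosts.
SAMPLE_LOG = """\
accept;203.0.113.10;192.0.2.80;http;12
accept;192.0.2.80;198.51.100.7;http;0
accept;192.0.2.80;198.51.100.7;https;0
drop;198.51.100.7;192.0.2.80;telnet;25
accept;192.0.2.80;192.0.2.53;domain-udp;0
accept;192.0.2.10;198.51.100.7;http;14
"""

# Hosts that should only ever answer connections, never initiate them (assumption).
SERVER_ONLY_HOSTS = {"192.0.2.80"}


@dataclass
class Entry:
    action: str
    src: str
    dst: str
    service: str
    rule: int


def parse_log(text: str) -> list[Entry]:
    """Split each non-empty line into its five fields; rule number becomes an int."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        action, src, dst, service, rule = line.split(";")
        entries.append(Entry(action, src, dst, service, int(rule)))
    return entries


def find_implied_outbound(entries: list[Entry], server_only_hosts: set[str]) -> list[Entry]:
    """Accepted connections matched by rule 0 (implied rule) whose source is a
    host that should only respond, i.e. the server is initiating the session."""
    return [e for e in entries
            if e.action == "accept" and e.rule == 0 and e.src in server_only_hosts]


def services_by_destination(hits: list[Entry]) -> dict[str, list[str]]:
    """Group the flagged sessions by destination so each can be traced to a specific
    implied-rule property (or an unexpected need such as replication or DNS)."""
    out: dict[str, list[str]] = {}
    for e in hits:
        out.setdefault(e.dst, []).append(e.service)
    return out
```

Each destination in the result should map back to one checked implied-rule property or to a documented need; anything left over is the rule an explicit, logged NAT or access rule should replace.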


