NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Code Red: What security specialist don't mention in warnings



We had basicly the same problem in that we had users that couldn't reach certain
sites.  However, we also found that some of our pages that are blocked to external
IP addresses we now viewable.   We found that the rule seemed to cause the packets
to be rewritten with the FW's IP address as the source, so we've disabled the rule
for the time being.

Can anyone suggest a method that preserves the original source IP address while
still inspecting the packets with the http w/resource rule?

Thanks,

Jim Driskell

LEFEVRE David wrote:

> I had exactly the same problem !
> No cpu overload, but some of the old sites weren't reachable any more.
>
> Any help ?
>
> [email protected] wrote:
>
> > My experience was that it did eat up a little extra CPU but not too bad -
> > BUT our main problem was with the other affects of using these rule - namely
> > some web sites (especially newer ones) not working properly - workaround was
> > to uncheck "Use HTTP 1.1"  in IE.
> >
> > This hasn't worked for every situation and occassionally I have to
> > temporarily disable the http-with-resource rules if a user is really
> > struggling.
> >
> > Not the best situation ever - but what can you do ?!  ;-)
> >
> > Tim
> >
> >         "Ed Davidson" <[email protected]>
> > Sent by: [email protected]
> >
> > 09/08/01 00:35
> >
> >         To:        "'Luke, Jason (ISS Southfield)'" <[email protected]>, "'METE
> > EMINAGAOGLU (IT)'" <[email protected]>
> >         cc:        <[email protected]>
> >         Subject:        RE: [FW1] Code Red: What security specialist don't
> > mention in war nings
> >
> > RE: [FW1] Code Red: What security specialist don't mention in warningsI have
> > done this on an NT box, and my CPU wasn't pegged at
> > 100%.  The average is and remains around 15 to 20%.
> >
> > FYI
> >
> > http://www.primeinc.com
> > **********************************************************************
> > This email and any files transmitted with it are confidential
> > and intended solely for the use of the individual or entity to
> > whom they are addressed.  If you have received this email
> > in error please reply to the sender of the message.
> >
> > The views expressed in this correspondence may not
> > reflect the views of Prime, Inc.
> >
> > This footnote also confirms that this email message has
> > been scanned for the presence of computer viruses.
> > ***********************************************************************
> > I have done this on an NT box, and my CPU wasn't pegged at 100%.  The
> > average is and remains around 15 to 20%.
> >
> >
> > FYI
> >
> > http://www.primeinc.com
> > **********************************************************************
> > This email and any files transmitted with it are confidential
> > and intended solely for the use of the individual or entity to
> > whom they are addressed. If you have received this email
> > in error please reply to the sender of the message.
> >
> > The views expressed in this correspondence may not
> > reflect the views of Prime, Inc.
> >
> > This footnote also confirms that this email message has
> > been scanned for the presence of computer viruses.
> > ***********************************************************************
>
> --
> David LEFEVRE
> CARDIF - Architecture et Sécurité Opérationnelle
> [email protected] - Tél : 01 41 42 76 63
>      [email protected] - Tel : 01 41 42 24 22
>
> **********************************************************************
> L'intégrité de ce message n'étant pas assurée sur Internet,
> CARDIF ne peut être tenu responsable de son contenu.
> Si vous n'êtes pas destinataire de ce message confidentiel,
> Merci de le détruire et d'avertir immédiatement l'expediteur.
>
> The integrity of this message cannot be guaranteed on the
> Internet. CARDIF can not therefore be considered responsible
> for the contents.
> If you are not the intended recipient of this confidential message,
> then please delete it and notify immediately the sender.
>
> **********************************************************************
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.