Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] Policies

To: <[email protected]>
Subject: [FW1] Policies
From: "Daniele Bortoluzzi" <[email protected]>
Date: Fri, 28 Sep 2001 12:41:08 +0200
Sender: [email protected]
Thread-index: AcFIChUsdgBbqpZCQm+qGXymepW2VQ==
Thread-topic: Policies


Hi all again...

I have tried different options to block "nimda style" http and smtp
incoming requests...
I am using a Nokia IP330 firewall running CP FW-1

Resources for SMTP block, reject  (why???) all incoming SMTP
connections...
to be clear:

ANY --> mailserver --> smtp_resource --> drop   (drops everything)
ANY --> mailserver --> smtp_resource --> accept (drops nothing)


These are not allowed by the policy manager...

ANY --> mailserver --> NOT smtp_resource --> drop
ANY --> mailserver --> NOT smtp_resource --> accept


Resources for HTTP do not block anything if I do not use the any to any
rule...
Explaining in better details:

any --> any --> HTTP_Resource --> DROP  (drops everything)
in effect I see NO gets for admin.dll and the like... But it blocks
incoming requests for my webmail service too, and I need it for my
remote workers!
What is strange is that outlook webmail has no components using the
{*cmd.exe, *root.exe, *admin.dll, *readme.exe, default.ida} stuff...


any --> "my lan" --> HTTP_Resource --> DROP  (seems to drop nothing)
NOT "my lan" --> "my lan" --> HTTP_Resource ---> DROP  (seems to drop
nothing)

In effect looking at the IIS logfiles i see incoming "nimda style" gets.


Do I definitely need to configure the Security Servers options ?
CVP Server ?  Someone have details about ?

Just because I do not want to go crazy doing hotfixes on the servers
(have plenty to care) everyday :)

Tnx in advance to all.


ciao
Daniele


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] Logswitch parameters
Next by Date: [FW1] Re: RE: Radius authentication - What shows the eventviewer?
Previous by thread: RE: [FW1] Logswitch parameters
Next by thread: [FW1] Re: RE: Radius authentication - What shows the eventviewer?
Index(es):
- Date
- Thread