[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] My VERY BAD UFI resouce experience!
Title: My VERY BAD UFI resouce experience! I am running FW-1 4.1 SP3 and had a VERY bad experience with configuring a URI resouce using a file containing 51 sites I wanted to block. I created a rule that said From:<one test workstation IP Address> To:<Any thing except from my class B network> Service: URI Action: Drop Log: Long The URI was defined at Transparent and proxy, with a imported file with the format of <ip address> space / space A and I had a redirect to a internal web page saying the site they visited was a suspected site. I installed the rules and then the fun started. 1. The test workstation could not connect ot any internal or external web site.
3. I manuall unloaded the ruleset, and did a fw fetch <fw mgmt station ip address> and get a Core Segmentation Dump message, except my test workstation can now surf web sites. 4. I then use the FW gui to try and install a ruleset with still the "Connection Refused".
So is the URI feature just plain bad? I am certian the syntax of the file I imported was correct because I exported it and it was exactly what I imported. Has anyone implemented URI filtering by IP address via the File method and gotten it to work under SP3?
|