
[FW-1] My VERY BAD URI resource experience!




I am running FW-1 4.1 SP3 and had a VERY bad experience with configuring a URI resource using a file containing 51 sites I wanted to block.

 
I created a rule that said From: <one test workstation IP Address>  To: <Anything except from my class B network>  Service: URI  Action: Drop  Log: Long

The URI was defined at Transparent and proxy, with an imported file with the format of <ip address> space / space A and I had a redirect to an internal web page saying the site they visited was a suspected site.

I installed the rules and then the fun started.
 
1. The test workstation could not connect to any internal or external web site.
2. When I went to remove the rule and re-install the policy, I get a "Connection Refused" during the installation of the ruleset.
3. I manually unloaded the ruleset, and did a fw fetch <fw mgmt station ip address> and get a Core Segmentation Dump message, except my test workstation can now surf web sites.
4. I then use the FW GUI to try and install a ruleset with still the "Connection Refused".
5. I can successfully ping from/to the fw management station.
6. After calling for support, I am told to reboot the firewall, and lo and behold I can successfully install a policy.
 
So is the URI feature just plain bad?  I am certain the syntax of the file I imported was correct because I exported it and it was exactly what I imported.

Has anyone implemented URI filtering by IP address via the File method and gotten it to work under SP3?

Does URI filtering work under SP5?

I posted this question Saturday and got ZERO replies; I'm not feeling good about trying this again without some feedback.




 
----------------------------------

   All contents © 2004 Network Presence, LLC. All rights reserved.