[FW-1] Policy question - FW-1 1.4.2
Hi All,

I am trying to add rules to my policy that will selectively allow port 80 access to my DMZ servers. I can specifically code the source addresses for internal clients, but obviously not for the WWW users. If I add a line like - "any DMZ www accept fw-cluster" - I immediately make all specific rules for www access redundant! So I need some way of identifying the Internet users with a global network object?

I could do this if I knew how to code a "negative" rule (i.e. "if the source address is not from my internal network, then it must be the Internet") but I can find no way of doing this in the Policy Editor.

Just for the record, this is easier with PIX since the rules are applied relative to the interface. I know I can code access-lists in FW-1, but have never tried; is this a solution?

Any suggestions.... please! (while I still have some hair left)

Thanks in advance,
Gordon