Re: [FW-1] Policy question - FW-1 1.4.2
Gordon,

This should be very simple. In the source select your Internal Network group, then highlight it, right-click and select negate (or negate-cell if NG is in use).

Met vriendelijke groeten - Bien a vous - Kind regards

Guy ROELANDTS
EMEA GS Internet Expertise Centre - CCSA & CCSE
Compaq Software Engineer - Belgium
E-mail : [email protected]
Tel: +32(02)729.77.44 (options 3 - 3 - 1)
Fax: +32(02)729.77.65

==========================================================
This message may contain confidential and/or proprietary information, and is intended only for the person/entity to whom it was originally addressed. The content of this message may contain private views and opinions which do not constitute a formal disclosure or commitment unless specifically stated. Should you receive this message by mistake please inform the sender immediately.
==========================================================

-----Original Message-----
From: Gordon Webber [mailto:[email protected]]
Sent: 15 February 2002 10:25
To: [email protected]
Subject: [FW-1] Policy question - FW-1 1.4.2

Hi All,

I am trying to add rules to my policy that will selectively allow port 80 access to my DMZ servers. I can specifically code the source addresses for internal clients, but obviously not for the WWW users. If I add a line like - "any DMZ www accept fw-cluster" - I immediately make all specific rules for www access redundant! So I need some way of identifying the Internet users with a global network object?

I could do this if I knew how to code a "negative" rule (i.e. "if the source address is not from my internal network, then it must be the Internet") but I can find no way of doing this in the Policy Editor.

Just for the record, this is easier with PIX since the rules are applied relative to the interface. I know I can code access-lists in FW-1, but have never tried; is this a solution?

Any suggestions... please!
(while I still have some hair left)

Thanks in advance,
Gordon

=================================================
To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [email protected]
=================================================
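
Added example (not part of the original thread and not Check Point code): a simplified first-match model of a rule base, showing why the broad "any" source rule makes the specific www rules redundant and how a negated Internal Network source cell avoids that. The addresses, rule names and helper functions are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed sample objects (private and documentation ranges), not from the thread.
INTERNAL = [ip_network("10.0.0.0/8")]
ALLOWED_CLIENTS = [ip_network("10.1.1.0/24")]   # internal clients permitted to reach DMZ www
DMZ = [ip_network("192.0.2.0/24")]
ANY = [ip_network("0.0.0.0/0")]


def rule(name, src, dst, port, action, negate_src=False):
    return {"name": name, "src": src, "dst": dst, "port": port,
            "action": action, "negate_src": negate_src}


def in_group(addr, group):
    return any(ip_address(addr) in net for net in group)


def evaluate(rulebase, src, dst, port):
    """Return (rule name, action) of the first matching rule, evaluated top-down."""
    for r in rulebase:
        # A negated source cell matches every address NOT in the group.
        src_hit = in_group(src, r["src"]) != r["negate_src"]
        if src_hit and in_group(dst, r["dst"]) and r["port"] in (port, None):
            return r["name"], r["action"]
    return "implicit", "drop"


# Rule base with the broad rule from the question: source "any".
BROAD = [rule("internal-www", ALLOWED_CLIENTS, DMZ, 80, "accept"),
         rule("any-www", ANY, DMZ, 80, "accept"),
         rule("cleanup", ANY, ANY, None, "drop")]

# Same rule base with the source changed to a negated Internal Network group.
NEGATED = [rule("internal-www", ALLOWED_CLIENTS, DMZ, 80, "accept"),
           rule("internet-www", INTERNAL, DMZ, 80, "accept", negate_src=True),
           rule("cleanup", ANY, ANY, None, "drop")]

PROBES = {"listed internal": "10.1.1.20",
          "unlisted internal": "10.9.9.9",
          "internet": "198.51.100.7"}


def decisions(rulebase, dst="192.0.2.10", port=80):
    """Map each constructed probe source to the rule that decides it."""
    return {label: evaluate(rulebase, src, dst, port) for label, src in PROBES.items()}


if __name__ == "__main__":
    for title, rb in (("broad any rule", BROAD), ("negated source", NEGATED)):
        print(title, decisions(rb))
```

With the broad rule, the unlisted internal client is accepted by "any-www"; with the negated source it falls through to the cleanup rule, so the specific internal rules still decide internal access.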