[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Nimda rule (URI resource matching) makes file-uploadin g fail
Jerry wrote: > Apparently, we can't use Nimda rule without using > "ANY" since the only way to block inbound Nimda hack > from Internet is using "ANY" as "Source". Try having two rules as follows: not your_network --- your_network --- http->Nimda_URI --- drop your_network --- not your network --- http->Nimda_URI --- drop Where your_network is a group that encompasses any internal networks and DMZ networks. To get the 'not your_network', enter your_network and then choose the negate option. That way, your internal to DMZ and vice versa won't be affected by the Nimda rule as it is effectively your_network to your_network. Hope this helps. Paul Toyne CCSA/CCSE ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|