
Re: [FW-1] Nimda rule (URI resource matching) makes file-uploading fail



Jerry wrote:

> Apparently, we can't use Nimda rule without using
> "ANY" since the only way to block inbound Nimda hack
> from Internet is using "ANY" as "Source".

Try having two rules as follows:

not your_network --- your_network --- http->Nimda_URI --- drop
your_network --- not your_network --- http->Nimda_URI --- drop

Where your_network is a group that encompasses any internal
networks and DMZ networks.

To get the 'not your_network', enter your_network and then choose
the negate option.

That way, your internal to DMZ and vice versa won't be affected
by the Nimda rule as it is effectively your_network to your_network.

Hope this helps.

Paul Toyne
CCSA/CCSE
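
The source/destination logic of the two rules above, checked against sample connections. This is an added example, not part of the original post and not FW-1 configuration. The addresses and the contents of `YOUR_NETWORK` are constructed, and only the Source and Destination columns are modelled, not the URI resource itself.

```python
import ipaddress

# Constructed sample addressing: one internal LAN and one DMZ,
# both members of the your_network group described in the post.
YOUR_NETWORK = [
    ipaddress.ip_network("10.1.0.0/16"),   # internal LAN (assumed)
    ipaddress.ip_network("192.0.2.0/24"),  # DMZ (assumed)
]

# (rule number, negate source, negate destination); both columns use your_network.
RULES = [
    (1, True, False),   # not your_network -> your_network
    (2, False, True),   # your_network -> not your_network
]


def in_group(addr, group=YOUR_NETWORK):
    """True if addr belongs to any network in the group."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in group)


def matching_rule(src, dst):
    """Return the number of the first Nimda rule whose Source and
    Destination columns match the connection, or None if neither does."""
    for number, negate_src, negate_dst in RULES:
        # A negated column matches exactly when the address is NOT in the group.
        src_ok = in_group(src) != negate_src
        dst_ok = in_group(dst) != negate_dst
        if src_ok and dst_ok:
            return number
    return None


if __name__ == "__main__":
    samples = [
        ("203.0.113.5", "192.0.2.10", "Internet -> DMZ"),
        ("10.1.2.3", "198.51.100.7", "internal -> Internet"),
        ("10.1.2.3", "192.0.2.10", "internal -> DMZ"),
        ("192.0.2.10", "10.1.2.3", "DMZ -> internal"),
    ]
    for src, dst, label in samples:
        print(f"{label:22} rule: {matching_rule(src, dst)}")
```

Connections between internal and DMZ hosts match neither rule, so they never reach the Nimda resource.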

   All contents © 2004 Network Presence, LLC. All rights reserved.