Re: [FW-1] Source IP change after creating uri
If you create a URI resource dropping traffic to your WEB Servers in the DMZ, you will actually see the real IP address of the attacker and not the IP address of the Firewall. When you create a URI of this type the traffic is not sent to the WEB Server; it is rejected at the interface of the FW responsible for dropping the rule.

So... If you create a URI for blocking CodeRed traffic, Nimda etc. you should set it at DROP. This actually means that the FW will take the packet, process it and then it will REJECT it. Only if you create a rule ACCEPTING traffic will you see the IP address of the FW interface and not the IP address of the Remote whatever.

As far as I know (I may be wrong though), if accepting with a URI resource you can do nothing about your problem, and that is because the FW operates in a "Proxy" mode (without caching, that is...).

e.g. Accepting...

1. Client requests www.somewhere.com
Excuse my tone, I do not want to be offensive, I just don't know another way to say these things.

PS. I am not a guru. If someone else knows the correct answer (in case my answer is wrong), then please show us the way.

-----Original Message-----
I'm using FW 4.1 SP5, anyone any idea how to get the FW to broadcast the
Thanks in advance...