NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] How to stop FW machine to send nbname from itself?



Odd.  I can see how they would all get through or all get dropped, but
half-and-half is a little weird if the drop rule's services truly cover all
the traffic in question.

If you are using an NBT group you may want to verify that the port you're
seeing on the Rule 0 traffic is actually included in the drop rule.

On an additional note, what everyone has said so far about hardening the
firewall is decidedly on-point.  Ideally, the computer shouldn't be capable
of speaking NBT to *anything* by the time you're through with it.  But if it
has to be capable of speaking NBT for some reason (wanting to use
centralized backup software to pick up the conf directory, for example), its
ability to do so should be curtailed as much as possible at the OS level and
*then* at the firewall/policy level.

Let us know what you find on the Rule 0 exception.

-----Original Message-----
From: Jignesh Pathak [mailto:[email protected]]
Sent: Thursday, April 04, 2002 2:14 PM
To: [email protected]
Subject: Re: [FW-1] How to stop FW machine to send nbname from itself?


Thanks... Russell....By adding FW->Any->NBT->Drop with "Install On" set to
"Src." Worked but...out of 4 packets it is dropping 3 packets by that
explicit rule and accepting one packet by rule 0. Is there any I am missing?

Thanks,

Jignesh

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]] On Behalf Of Russell
Washington
Sent: Thursday, April 04, 2002 4:01 PM
To: [email protected]
Subject: Re: [FW-1] How to stop FW machine to send nbname from itself?

Your issue (aside from the fact that you may want to just kill all NBT stuff
happening on the firewall) is likely that your policies are being applied on
the Inbound direction only (policy properties).  Packets originating at the
firewall are, by definition, outbound, whether going to the Internet or an
internal interface.

You can take the approach of changing your policy property to Eitherbound,
or you can add a rule that says something like FW->Any->NBT->Drop with
"Install On" set to "Src."  If you take the latter approach, log the rule
initially so that you can verify that it is dropping the traffic.  It should
do the trick.

Obviously, while NBT is the issue you hit this on, what you're seeing would
actually apply to any service/protocol if the firewall were the source of
the traffic.  Hope this helps.

-----Original Message-----
From: Jignesh Pathak [mailto:[email protected]]
Sent: Thursday, April 04, 2002 12:23 PM
To: [email protected]
Subject: [FW-1] How to stop FW machine to send nbname from itself?


Hello:

We have installed FW-1 v.4.1/SP5 on Windows 2000 SP2 at our client location.
We have AnyàAnyàNBTàDrop rule base to drop nbname, nbtdatagram packets and
FW is doing so. But FW logs shows that FW machine itself is sending nbname
packets to internet side. How can I stop this? Is there any performance
issue?

Thanks,

Jignesh

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.