Re: [FW-1] How to stop FW machine to send nbname from itself?
Odd. I can see how they would all get through or all get dropped, but half-and-half is a little weird if the drop rule's services truly cover all the traffic in question. If you are using an NBT group, you may want to verify that the port you're seeing on the Rule 0 traffic is actually included in the drop rule.

On an additional note, what everyone has said so far about hardening the firewall is decidedly on-point. Ideally, the computer shouldn't be capable of speaking NBT to *anything* by the time you're through with it. But if it has to be capable of speaking NBT for some reason (wanting to use centralized backup software to pick up the conf directory, for example), its ability to do so should be curtailed as much as possible at the OS level and *then* at the firewall/policy level.

Let us know what you find on the Rule 0 exception.

-----Original Message-----
From: Jignesh Pathak [mailto:[email protected]]
Sent: Thursday, April 04, 2002 2:14 PM
To: [email protected]
Subject: Re: [FW-1] How to stop FW machine to send nbname from itself?

Thanks, Russell. Adding FW->Any->NBT->Drop with "Install On" set to "Src" worked, but out of 4 packets it is dropping 3 packets by that explicit rule and accepting one packet by rule 0. Is there anything I am missing?

Thanks,
Jignesh

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Russell Washington
Sent: Thursday, April 04, 2002 4:01 PM
To: [email protected]
Subject: Re: [FW-1] How to stop FW machine to send nbname from itself?

Your issue (aside from the fact that you may want to just kill all NBT stuff happening on the firewall) is likely that your policies are being applied on the Inbound direction only (policy properties). Packets originating at the firewall are, by definition, outbound, whether going to the Internet or an internal interface.

You can take the approach of changing your policy property to Eitherbound, or you can add a rule that says something like FW->Any->NBT->Drop with "Install On" set to "Src." If you take the latter approach, log the rule initially so that you can verify that it is dropping the traffic. It should do the trick.

Obviously, while NBT is the issue you hit this on, what you're seeing would actually apply to any service/protocol if the firewall were the source of the traffic.

Hope this helps.

-----Original Message-----
From: Jignesh Pathak [mailto:[email protected]]
Sent: Thursday, April 04, 2002 12:23 PM
To: [email protected]
Subject: [FW-1] How to stop FW machine to send nbname from itself?

Hello:

We have installed FW-1 v.4.1/SP5 on Windows 2000 SP2 at our client location. We have an Any->Any->NBT->Drop rule in the rule base to drop nbname and nbtdatagram packets, and the FW is doing so. But the FW logs show that the FW machine itself is sending nbname packets to the Internet side. How can I stop this? Is there any performance issue?

Thanks,
Jignesh

=================================================
To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [email protected]
=================================================
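A check in the spirit of the advice in this thread (logging the explicit drop rule, then confirming which rule actually handled each NBT packet the firewall itself sent, and whether the leaked service is in the drop rule's NBT group), added here as example code that is not from the thread or from Check Point. The firewall address, the drop rule's service group and the simplified one-record-per-line log layout are all assumptions.

```python
from collections import Counter

# Assumed values, not from the thread: the firewall's own address and the
# services the explicit FW->Any->NBT->Drop rule covers.
FIREWALL_IP = "192.0.2.1"
DROP_RULE_SERVICES = {"nbname", "nbdatagram"}
NBT_SERVICES = {"nbname", "nbdatagram", "nbsession"}  # 137/udp, 138/udp, 139/tcp

# Constructed sample in a simplified "action rule src dst proto service"
# layout; this is not real FW-1 log export output.
SAMPLE_LOG = """\
drop 3 192.0.2.1 192.0.2.255 udp nbname
drop 3 192.0.2.1 192.0.2.255 udp nbdatagram
drop 3 192.0.2.1 192.0.2.255 udp nbname
accept 0 192.0.2.1 192.0.2.255 udp nbname
accept 0 192.0.2.1 203.0.113.9 tcp nbsession
accept 5 198.51.100.7 192.0.2.10 tcp http
"""


def parse_line(line):
    action, rule, src, dst, proto, service = line.split()
    return {"action": action, "rule": int(rule), "src": src,
            "dst": dst, "proto": proto, "service": service}


def audit_fw_nbt(log_text, fw_ip=FIREWALL_IP, covered=DROP_RULE_SERVICES):
    """Count firewall-sourced NBT packets per (action, rule) and explain
    every one that was not dropped."""
    by_rule = Counter()
    leaks = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec["src"] != fw_ip or rec["service"] not in NBT_SERVICES:
            continue  # only traffic the firewall itself originates matters here
        by_rule[(rec["action"], rec["rule"])] += 1
        if rec["action"] == "drop":
            continue
        if rec["service"] not in covered:
            reason = "service missing from the drop rule's NBT group"
        else:
            reason = "covered by the drop rule but still accepted: check policy direction / Install On"
        leaks.append((rec, reason))
    return by_rule, leaks


if __name__ == "__main__":
    counts, leaks = audit_fw_nbt(SAMPLE_LOG)
    for key, n in sorted(counts.items()):
        print(key, n)
    for rec, why in leaks:
        print(rec["service"], "rule", rec["rule"], "->", why)
```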