
Re: [FW-1] URL Screening with external Proxy


  • To: [email protected]
  • Subject: Re: [FW-1] URL Screening with external Proxy
  • From: "Martin, Kevin" <[email protected]>
  • Date: Fri, 23 Aug 2002 14:11:33 -0500
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>
  • Thread-index: AcJK1q/KOoP5R8BbTV6Ij39pxWTzbgAAgs0A
  • Thread-topic: Re: [FW-1] URL Screening with external Proxy

This is not a domain object but a workstation object.  I'm not telling him to block the .ch domain but the host www.xxx.ch.
 
 

Thanks and Regards,

Kevin Martin <[email protected]>
TD Options, LLC   Security Officer
230 S. LaSalle, 6th Floor  Chicago, IL  60604
T:  F:

-----Original Message-----
From: Hubbard, Dan [mailto:[email protected]]
Sent: Friday, August 23, 2002 12:38 PM
To: [email protected]
Subject: Re: [FW-1] URL Screening with external Proxy

In general it's not recommended to use domain objects for performance reasons. You don't want your firewall looking up requests.

I would add your filter on the proxy and not the firewall. Which proxy server is it?



-----Original Message-----
From: Martin, Kevin [mailto:[email protected]]
Sent: Friday, August 23, 2002 8:20 AM
To: [email protected]
Subject: Re: [FW-1] URL Screening with external Proxy


Why not just put a rule in the firewall that says:

Proxy Server -> www.xxx.ch any reject           ?

Then any connections to www.xxx.ch from the proxy server will be
rejected AND you can see in the proxy server logs who is trying to
connect to www.xxx.ch.

Thanks and Regards,

Kevin Martin <[email protected]>
TD Options, LLC   Security Officer
230 S. LaSalle, 6th Floor  Chicago, IL  60604
T:  F:


-----Original Message-----
From: Klaus Gribi [mailto:[email protected]]
Sent: Friday, August 23, 2002 7:31 AM
To: [email protected]
Subject: [FW-1] URL Screening with external Proxy


Hi all

I'm using a CP FW 4.1 SP5 on NT 4.0 SP 6a. The following network layout
is in place:

Intranet --- My Firewall --- Proxy Server --- Other Firewall ---
Internet

The Web Browser client in the Intranet connects via the proxy on port
8080 to the Internet. Everything is working fine.

Now, I should block a special Web Site (www.xxx.ch). On "My Firewall" I
created the following rule before the proxy rule:

Source "Intranet", Destination "Proxy Server", Service
"tcp8080->badweb", Action "Reject"

Resource:
Name: badweb
Connection Methods: Proxy
URI Match: WildCards
Schemes: http
Methods: get, post, head, put
Host: www.xxx.ch
Path: *
Query: *
Replacement Uri: Intranet-Site
HTML Weeding: nothing selected
Response Scanning: nothing selected
CVP Server: none

Well all Proxy connections are then rejected instead of only www.xxx.ch.
Tried to replace service "tcp8080" with "http->badweb" with the same
result.

Any? Thanks.

Regards
Klaus

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
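
An added illustration, not part of the original thread and not Check Point's code: how the fields of the "badweb" resource posted above would select requests when applied to the proxy-form request lines a browser sends to a proxy on port 8080. The function names and sample request lines are constructed, and the matching is an assumption modelled with Python's `fnmatch`, not FireWall-1's actual URI matching.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Fields copied from the "badweb" resource in the thread.
BADWEB = {
    "schemes": {"http"},
    "methods": {"GET", "POST", "HEAD", "PUT"},
    "host": "www.xxx.ch",
    "path": "*",
    "query": "*",
}

def parse_proxy_request_line(line):
    """Split a proxy-form request line: METHOD absolute-URI HTTP/x.y."""
    parts = line.strip().split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("not an HTTP request line: %r" % line)
    method, target, _version = parts
    url = urlsplit(target)
    if not url.scheme or not url.hostname:
        # Origin-form ("GET /index.html") has no host in the request line,
        # so a host-based URI match has nothing to compare against.
        raise ValueError("request target is not an absolute URI: %r" % target)
    return (method.upper(), url.scheme.lower(), url.hostname.lower(),
            url.path or "/", url.query)

def matches_resource(line, res=BADWEB):
    """True only when every field of the resource matches the request."""
    try:
        method, scheme, host, path, query = parse_proxy_request_line(line)
    except ValueError:
        return False
    return (method in res["methods"] and scheme in res["schemes"]
            and fnmatchcase(host, res["host"].lower())
            and fnmatchcase(path, res["path"])
            and fnmatchcase(query, res["query"]))

def action_for(line):
    """Reject what the resource matches; anything else goes to the next rule."""
    return "reject" if matches_resource(line) else "next rule"

# Constructed sample request lines (not taken from any real log).
SAMPLES = [
    "GET http://www.xxx.ch/ HTTP/1.0",
    "POST http://WWW.XXX.CH/cgi-bin/form?id=1 HTTP/1.0",
    "GET http://www.example.org/index.html HTTP/1.0",
    "GET http://intranet.example/redirect?to=www.xxx.ch HTTP/1.0",
    "GET /index.html HTTP/1.0",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print("%-10s %s" % (action_for(sample), sample))
```

Only the first two samples are rejected; a rule that instead rejects every connection to the proxy, as reported in the thread, is not behaving like this per-request match.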




 