[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Websense



Title: RE: [FW-1] Websense

Jim,

Remember that when you implement a HTTP Resource rule, such as the one used to integrate with Websense, the FireWall shifts to using the HTTP Security Server to handle the requests.  One primary thing about the HTTP Security Server is that it ignores any NAT rules you might have and alters the request so that the source IP address is the external IP of the FireWall itself.  If you've set your rules to deny any requests destined for the external IP, then the return HTTP requests will be blocked.  So, your stealth rule needs to follow after the HTTP rules in order to get this to work.  You may also need to check your routing as well since this is a high availability situation.

-----Original Message-----
From: Previti, James [mailto:[email protected]]
Sent: Wednesday, October 16, 2002 8:26 AM
To: [email protected]
Subject: [FW-1] Websense


We have a Checkpoint Firewall1 fail-over pair (v4.1sp5a) we are trying to
integrate with Websense (v4.4) to filter Web traffic.  The Checkpoint platform
is Nokia IP440 and the Websense platform is Windows 2000.  After following the
documentation and setting up Websense and the corresponding firewall obects and
rules and testing, we found that the firewall is passing traffic to the web but
no access can be established.  If anyone has seen similar behavior I would like
to hera about it.

Thanks,

Jim Previti
Network Management Supervisor

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================