[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Websense

To: [email protected]
Subject: Re: [FW-1] Websense
From: egonle <[email protected]>
Date: Fri, 18 Oct 2002 17:15:56 -0400
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Hi,

is there also a way to use the Websense-UFP protocol to filter HTTPS (not http) requests? How about filtering http access to webservers which use port 81,85,8080 or anything else?

If yes, how can this be done?


Regards,
Egonle

[email protected] wrote:

>Jim,
>
>Remember that when you implement a HTTP Resource rule, such as the one used
>to integrate with Websense, the FireWall shifts to using the HTTP Security
>Server to handle the requests.  One primary thing about the HTTP Security
>Server is that it ignores any NAT rules you might have and alters the
>request so that the source IP address is the external IP of the FireWall
>itself.  If you've set your rules to deny any requests destined for the
>external IP, then the return HTTP requests will be blocked.  So, your
>stealth rule needs to follow after the HTTP rules in order to get this to
>work.  You may also need to check your routing as well since this is a high
>availability situation.
>
>-----Original Message-----
>From: Previti, James [mailto:[email protected]]
>Sent: Wednesday, October 16, 2002 8:26 AM
>To: [email protected]
>Subject: [FW-1] Websense
>
>
>We have a Checkpoint Firewall1 fail-over pair (v4.1sp5a) we are trying to
>integrate with Websense (v4.4) to filter Web traffic.  The Checkpoint
>platform
>is Nokia IP440 and the Websense platform is Windows 2000.  After following
>the
>documentation and setting up Websense and the corresponding firewall obects
>and
>rules and testing, we found that the firewall is passing traffic to the web
>but
>no access can be established.  If anyone has seen similar behavior I would
>like
>to hera about it.
>
>Thanks,
>
>Jim Previti
>Network Management Supervisor
>
>=================================================
>To set vacation, Out Of Office, or away messages,
>send an email to [email protected]
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>[email protected]
>=================================================
>

__________________________________________________________________
The NEW Netscape 7.0 browser is now available. Upgrade now! http://channels.netscape.com/ns/browsers/download.jsp

Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: Re: [FW-1] Internet Browsing Stops Intermittently
Next by Date: Re: [FW-1] Change management tools and techniques
Prev by thread: Re: [FW-1] Websense
Next by thread: Re: [FW-1] Websense
Index(es):
- Date
- Thread