[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] How do you manage multiple http ports??

To: [email protected]
Subject: Re: [FW-1] How do you manage multiple http ports??
From: Russell Washington <[email protected]>
Date: Tue, 29 Oct 2002 14:55:12 -0800
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Another option to consider would be having those consultants tweak *their*
networks to do port address translation when they're coming in from your IP
range.

It's a fine line to walk and every situation is different, but I know when I
go into a client site I don't expect them to rework their firewall policies
to let me out unless I've run out of options on my LAN's side first.

Just a thought, and it may not apply to your situation at all.

-----Original Message-----
From: Messier, Michel [mailto:[email protected]]
Sent: Tuesday, October 29, 2002 5:20 AM
To: [email protected]
Subject: [FW-1] How do you manage multiple http ports??


Hey all,

I'm wondering what the prefered method is to allow http traffic through to
the Internet when particular ports are used. In our case, we only allow
traffic through the standard http and https ports and coming from our
proxies. But we lately received a few request from consultants wanting to
access their intranet over the Internet. Their servers, on the other end,
listen to such ports as 1850 or 7349 or whatever.

I'm sure we're not the first ones to come accross such a situation. And we
certainly don't want to start managing all these request on a 1 by 1 basis
(people starting or leaving, keeping track, etc). On the other hand, I'm a
little bit reluctant to allow unrestricted access to the Internet from our
proxies.

So the question is: How are you managing this situation? What are the best
practices in such cases?

Thanks very much for your help,
Michel

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: Re: [FW-1] Securemote IKE
Next by Date: [FW-1] Backup NG rulebases and objects
Prev by thread: Re: [FW-1] How do you manage multiple http ports??
Next by thread: [FW-1] Saving Rulebases with associated Objects
Index(es):
- Date
- Thread