In accordance to
Check Point engineers, ANY ANY ALLOW rule doesn't mean ANY protocol. There
are just some certain protocols that are allowed but you have to specify
many protocols manually in order to use them for your connections. So,
create a separate rule for X.11 protocol.
-----Original
Message-----
From: Shah,
Nishith [mailto:[email protected]]
Sent: Friday, February 07, 2003 1:27
PM
To:
[email protected]
Subject: Re: [FW-1] Any is not service
any?
I am not sure why u didn't get a message in the info
section of firewall log.
It specifically says that if you want to allow X11
traffic you have to add a new rule for it. In FP3 "any" does not allow X
traffic.
-----Original Message-----
From: Petra Klein [mailto:[email protected]]
Sent: Thursday, January 16,
2003 5:28 AM
To:
[email protected]
Subject: [FW-1] Any is not service
any?
Hi,
I have encountered a weird problem and wonder if
anyone has an explanation?
We have a Firewall-1 NG FP3 and a rule
SIP/DIP/any/encrypt. When we tried to
connect to a service on port TCP-6001 the firewall
rejected the packet on the
any-rule with no explanation, just reject...Why? The
rule is service any.
The solution was to add a rule above the any-rule
and explicit accept the
TCP-6001 traffic...My question is why? I know the
port belongs to the TCP
service X11 (tcp port 6000-6063) but this is not X11
traffic, they just use
that port on the server.
Thanks and Regards
Petra
=================================================
To set vacation, Out Of
Office, or away messages,
send an email to
[email protected]
in the BODY of the email add:
set fw-1-mailinglist
nomail
=================================================
To unsubscribe from this
mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on
how to change your
subscription options, email
[email protected]
=================================================
