[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Any is not service any?
so, it should really read some some allow? :) >>> [email protected] 02/07/03 01:13PM >>> In accordance to Check Point engineers, ANY ANY ALLOW rule doesn't mean ANY protocol. There are just some certain protocols that are allowed but you have to specify many protocols manually in order to use them for your connections. So, create a separate rule for X.11 protocol. Best regards, Roman M. Zeltser, @National Computer Center DNE, RSIS Information Security Index <http://www.rtek2000.com/Tech/InternetSecureLinks.html> -----Original Message----- From: Shah, Nishith [mailto:[email protected]] Sent: Friday, February 07, 2003 1:27 PM To: [email protected] Subject: Re: [FW-1] Any is not service any? I am not sure why u didn't get a message in the info section of firewall log. It specifically says that if you want to allow X11 traffic you have to add a new rule for it. In FP3 "any" does not allow X traffic. -----Original Message----- From: Petra Klein [mailto:[email protected] <mailto:[email protected]> ] Sent: Thursday, January 16, 2003 5:28 AM To: [email protected] Subject: [FW-1] Any is not service any? Hi, I have encountered a weird problem and wonder if anyone has an explanation? We have a Firewall-1 NG FP3 and a rule SIP/DIP/any/encrypt. When we tried to connect to a service on port TCP-6001 the firewall rejected the packet on the any-rule with no explanation, just reject...Why? The rule is service any. The solution was to add a rule above the any-rule and explicit accept the TCP-6001 traffic...My question is why? I know the port belongs to the TCP service X11 (tcp port 6000-6063) but this is not X11 traffic, they just use that port on the server. Thanks and Regards Petra ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html <http://www.checkpoint.com/services/mailing.html> ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|