[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] FW-1 initiate connection rule
Lance Spitzner wrote: <snip> > This rule will drop any connection initiated by the firewall, EVEN > if your firewall is only inspecting inbound packets and protect your > firewall from being used in various attacks. The trick is that the > "INSTALL ON" column is set to the Firewall, and not any. This causes > that single rule to inspect Eitherbound, while all the rest of the > rules still inspect inbound. Be advised, this also includes any mail, > dns, or syslog connection that your firewall may be initiating. You > may need to add a second rule before this one to allow that functionality. In addition to mail, dns, or syslog, don't forget the VPN stuff that's not generated by a (separate) management console. Binky ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|