Re: [FW-1] URL Screening with external Proxy
In general it's not recommended to use domain objects for performance reasons. You don't want your firewall looking up requests.
I would add your filter on the proxy and not the firewall. Which proxy server is it?
-----Original Message-----
From: Martin, Kevin [mailto:[email protected]]
Sent: Friday, August 23, 2002 8:20 AM
To: [email protected]
Subject: Re: [FW-1] URL Screening with external Proxy
Why not just put a rule in the firewall that says:
Proxy Server -> www..ch any reject ?
Then any connections to www..ch from the proxy server will be
rejected AND you can see in the proxy server logs who is trying to
connect to www.xxx.ch.
Thanks and Regards,
Kevin Martin <[email protected]>
TD Options, LLC Security Officer
230 S. LaSalle, 6th Floor Chicago, IL 60604
T: F:
-----Original Message-----
From: Klaus Gribi [mailto:[email protected]]
Sent: Friday, August 23, 2002 7:31 AM
To: [email protected]
Subject: [FW-1] URL Screening with external Proxy
Hi all
I'm using a CP FW 4.1 SP5 on NT 4.0 SP 6a. The following network layout
is in place:
Intranet --- My Firewall --- Proxy Server --- Other Firewall --- Internet
The Web Browser client in the Intranet connects via the proxy on port
8080 to the Internet. Everything is working fine.
Now, I should block a special Web Site (www.xxx.ch). On "My Firewall" I
created the following rule before the proxy rule:
Source "Intranet", Destination "Proxy Server", Service
"tcp8080->badweb", Action "Reject"
Resource:
Name: badweb
Connection Methods: Proxy
URI Match: WildCards
Schemes: http
Methods: get, post, head, put
Host: www.xxx.ch
Path: *
Query: *
Replacement Uri: Intranet-Site
HTML Weeding: nothing selected
Response Scanning: nothing selected
CVP Server: none
Well all Proxy connections are then rejected instead of only www.xxx.ch.
Tried to replace service "tcp8080" with "http->badweb" with the same
result.
Any? Thanks.
Regards
Klaus
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
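Added example, not part of the original thread and not Check Point code: a Python model of the match the quoted "badweb" resource is meant to express, applied to the absolute-URI request lines a browser sends to a proxy on port 8080. Shell-style wildcard semantics, the function names and the sample request lines are assumptions.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Mirrors the fields of the "badweb" resource quoted in the thread.
# Assumption: wildcards behave like shell-style patterns.
BADWEB = {"schemes": {"http"}, "methods": {"GET", "POST", "HEAD", "PUT"},
          "host": "www.xxx.ch", "path": "*", "query": "*"}

def parse_proxy_request_line(line):
    """Split 'METHOD absolute-URI HTTP/x.y' as a browser sends it to a proxy."""
    parts = line.strip().split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("malformed request line")
    method, target, _version = parts
    url = urlsplit(target)
    if not url.scheme or not url.hostname:
        # Origin-form ("GET /index.html") or CONNECT host:port: no URL to match.
        raise ValueError("not an absolute-URI (proxy-form) request")
    return method.upper(), url

def matches(resource, line):
    """True only when every field of the resource matches the request."""
    try:
        method, url = parse_proxy_request_line(line)
    except ValueError:
        return False
    return (
        url.scheme.lower() in resource["schemes"]
        and method in resource["methods"]
        and fnmatchcase(url.hostname, resource["host"].lower())
        and fnmatchcase(url.path or "/", resource["path"])
        and fnmatchcase(url.query, resource["query"])
    )

def decide(line):
    """Reject only requests that match the resource; accept everything else."""
    return "reject" if matches(BADWEB, line) else "accept"

# Constructed sample request lines (not taken from the thread).
SAMPLES = [
    "GET http://www.xxx.ch/ HTTP/1.0",
    "GET http://WWW.XXX.CH:80/a/b?c=1 HTTP/1.1",
    "GET http://www.example.org/ HTTP/1.1",
    "CONNECT www.xxx.ch:443 HTTP/1.1",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(decide(s), s)
```

The host test has to be made against the URL in the request line, because the TCP destination of every one of these requests is the proxy itself.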