In general it's not recommended to use domain objects, for performance reasons. You don't want your firewall looking up requests.
I would add your filter on the proxy and not the firewall.
Which proxy server is it?
-----Original Message-----
From: Martin, Kevin [mailto:[email protected]]
Sent: Friday, August 23, 2002 8:20 AM
To: [email protected]
Subject: Re: [FW-1] URL Screening with external Proxy
Why not just put a rule in the firewall that says:
Proxy Server -> www.xxx.ch any reject ?
Then any connections to www.xxx.ch from the proxy server will be rejected AND you can see in the proxy server logs who is trying to connect to www.xxx.ch.
Thanks and Regards,
Kevin Martin <[email protected]>
TD Options, LLC Security Officer
230 S. LaSalle, 6th Floor Chicago, IL 60604
T: F:
-----Original Message-----
From: Klaus Gribi [mailto:[email protected]]
Sent: Friday, August 23, 2002 7:31 AM
To: [email protected]
Subject: [FW-1] URL Screening with external Proxy
Hi all
I'm using a CP FW 4.1 SP5 on NT 4.0 SP 6a. The following network layout is in place:
Intranet --- My Firewall --- Proxy Server --- Other Firewall --- Internet
The Web Browser client in the Intranet connects via the proxy on port 8080 to the Internet. Everything is working fine.
Now, I should block a special Web Site (www.xxx.ch). On "My Firewall" I created the following rule before the proxy rule:
Source "Intranet", Destination "Proxy Server", Service "tcp8080->badweb", Action "Reject"
Resource:
Name: badweb
Connection Methods: Proxy
URI Match: WildCards
Schemes: http
Methods: get, post, head, put
Host: www.xxx.ch
Path: *
Query: *
Replacement URI: Intranet-Site
HTML Weeding: nothing selected
Response Scanning: nothing selected
CVP Server: none
Well, all Proxy connections are then rejected instead of only www.xxx.ch.
Tried to replace service "tcp8080" with "http->badweb" with the same result.
Any? Thanks.
Regards
Klaus
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================