
Re: [FW-1] How do you manage multiple http ports??



I've got about 40 custom rules at the bottom of my rulebase allowing for
specific exceptions to the standard policy. We open them up on a one by
one basis. I also add a note in the comments of who made the request and
the date. Then we go back and audit them to make sure they are still
needed. It works ok. But it's not fun having the extra 40 rules in an
already large rule base.

Will


-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]] On Behalf Of
Messier, Michel
Sent: Tuesday, October 29, 2002 8:20 AM
To: [email protected]
Subject: [FW-1] How do you manage multiple http ports??


Hey all,

I'm wondering what the preferred method is to allow http traffic through
to the Internet when particular ports are used. In our case, we only
allow traffic through the standard http and https ports and coming from
our proxies. But we lately received a few requests from consultants
wanting to access their intranet over the Internet. Their servers, on
the other end, listen to such ports as 1850 or 7349 or whatever.

I'm sure we're not the first ones to come across such a situation. And
we certainly don't want to start managing all these requests on a 1 by 1
basis (people starting or leaving, keeping track, etc). On the other
hand, I'm a little bit reluctant to allow unrestricted access to the
Internet from our proxies.

So the question is: How are you managing this situation? What are the
best practices in such cases?

Thanks very much for your help,
Michel

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
