True, that method won't work on https but https only allows one URL per IP Address....
-----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Gustavo Rios P Sent: 23 February 2010 12:16 To: [email protected] Subject: Re: [FW-1] Blocking Facebook, Twiter and Messenger with fw1 Hi, Assuming that you don't have URL Filtering feature, you could use http resources. I have made this configuration on several customers without problems. Go to SmartDashboard > Manage > Resources > New > URI Set a name and make sure you choose "Wildcards" as URI match Spec type, then go to "Match" tab and on the "Host" field, use the following syntax: {*facebook*,*twitter*,*some_other_domain*,*and_so_on*} Then, use this Resource on the Service field of a rule. I have seen these limitations on this configuration: - The rule with the resource must be before any other rule that allow http traffic (pretty obvious, ahh) - The firewall must be able to resolve names. If not, all web browsing will be rejected by the firewall - This will work just for http traffic, so If a user browse https://www.facebook.com it'll not work I hope this help, and if anybody has a workaround for these limitation I have found (beside using a proxy) it will be very appreciated. GRios _______________________________ Gustavo Ríos P. Network Security Engineer email: [email protected] www.cybertechprojects.com Telf.: +58 212 266 1980/ 2503 Cel: +58 412 801 4879 Fax: +58 212 266 9995 ****************************************************** NOTA CONFIDENCIAL: La información contenida en este E-mail es confidencial y sólo puede ser utilizada por la persona o la compañía a la cual está dirigido y/o por el emisor. Si no es el receptor autorizado, cualquier retención, difusión, distribución o copia de este mensaje es prohibida y será sancionada por la ley. Si por error recibe este mensaje, favor devolverlo y borrar el mensaje recibido inmediatamente. CONFIDENTIAL NOTE: The information in this E-mail is intended to be confidential and only for use of the individual or entity to whom it is addressed and/or the issuer. If you are not the intended recipient, any retention, dissemination, distribution or copying of this message is strictly prohibited and sanctioned by law. If you receive this message by error, please immediately send it back and delete the message received. -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Francisco Ruiz Ibañez Sent: Martes, 23 de Febrero de 2010 08:05 a.m. To: [email protected] Subject: [FW-1] Blocking Facebook, Twiter and Messenger with fw1 Hello We want to restrict access to facebook, twiter and messenger for some people. Can we do It using fw1? I've seen Msn ports defined in services tab but nothing about facebook, twiter and similar applications. Regards. ---------------------------------------------------------------------------- Este correo electrónico contiene información privada que puede estar legalmente protegida, parcial o totalmente. Es solo para uso del destinatario al que está dirigido. Si ha recibido este mensaje por error, le rogamos que lo notifique al remitente del email y que además borre de su sistema el mensaje así como todas sus copias, incluyendo las posibles copias del mismo en su disco duro, y se abstenga de usar, revelar, distribuir a terceros, imprimir o copiar ninguna de las partes de este mensaje. Los datos personales que pueda contener el presente mensaje, ya sea en su contenido o en los destinatarios, cumplen con lo establecido en la Ley Orgánica 15/1999, de 13 de diciembre, de Protección de Datos de Caracter Personal. ---------------------------------------------------------------------------- This e-mail contains proprietary information some or all of which may be legally protected. It is for sole use of the intended recipient only. If you have received this message by mistake, you are requested to notify the e-mail sender and erase both the message and any copies from your system, including hard disk copies. You are further requested to refrain from using, distributing to third parties, printing or making copies of any parts of this message. The personal data that may appear in this e-mail message are in accordance with the Organic Law 15/1999 of 13 December on the Protection of Personal Data. ---------------------------------------------------------------------------- Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
