I am running FW-1 4.1 SP3 and had a VERY bad experience with configuring a URI resource using a file containing 51 sites I wanted to block.
I created a rule that said From: <one test workstation IP address> To: <anything except my class B network> Service: URI Action: Drop Log: Long
The URI was defined as Transparent and Proxy, with an imported file in the format of <ip address> space / space A, and I had a redirect to an internal web page saying the site they visited was a suspected porno site.
I installed the rules and then the fun started.
1. The test workstation could not connect to any internal or external web site.
2. When I went to remove the rule and re-install the policy, I got a "Connection Refused" during the installation of the ruleset.
3. I manually unloaded the ruleset and did a fw fetch <fw mgmt station ip address> and got a Core Segmentation Dump message, except my test workstation could now surf web sites.
4. I then used the FW GUI to try and install a ruleset, still with the "Connection Refused".
5. I can successfully ping from/to the fw management station.
6. After calling for support, I was told to reboot the firewall, and lo and behold I could successfully install a policy.
So is the URI feature just plain bad? I am certain the syntax of the file I imported was correct because I exported it and it was exactly what I imported.
Has anyone implemented URI filtering by IP address via the File method and gotten it to work under SP3?
Does URI filtering work under SP5?
I posted this question Saturday and got ZERO replies, I'm not feeling good about trying this again without some feedback.
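As an added example (not part of the original post, and not a Check Point tool), the following Python script sanity-checks a URI resource "File" list before it is imported, using the line layout the post describes: an IP address, a space, a path (here "/"), a space, and a single category letter. It assumes that every line must have exactly those three space-separated fields, that the first field must be a literal IPv4 address rather than a hostname, that the path starts with "/", and that the category is one letter; tabs and stray characters, which an export/import round trip can hide, are flagged as well. The sample list is constructed for the example.

```python
import ipaddress
import re

# Constructed sample of a URI "File" list in the format described in the post:
#   <ip address> <space> <path> <space> <category letter>
# Lines 3-6 are deliberately malformed so the checker has something to report.
SAMPLE_LIST = """\
192.0.2.10 / A
198.51.100.7 /images A
203.0.113.300 / A
www.example.com / A
192.0.2.11 / AB
192.0.2.12 /
"""

# Exactly three fields separated by single spaces (assumed layout).
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+)$")


def check_uri_file(text):
    """Validate a URI resource file list.

    Returns (entries, errors): entries is a list of (ip, path, category)
    tuples for the well-formed lines, errors is a list of (line number,
    message) for everything else. Blank lines are ignored.
    """
    entries = []
    errors = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if "\t" in raw:
            errors.append((lineno, "tab character found; fields must be separated by single spaces"))
            continue
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            errors.append((lineno, "expected three space-separated fields: <ip> <path> <category>"))
            continue
        ip, path, category = m.groups()
        try:
            # Hostnames are rejected here: the File method as described
            # takes literal IP addresses (assumption for this example).
            ipaddress.IPv4Address(ip)
        except ValueError:
            errors.append((lineno, f"first field is not an IPv4 address: {ip!r}"))
            continue
        if not path.startswith("/"):
            errors.append((lineno, f"path must start with '/': {path!r}"))
            continue
        if not (len(category) == 1 and category.isalpha()):
            errors.append((lineno, f"category must be a single letter: {category!r}"))
            continue
        entries.append((ip, path, category))
    return entries, errors


def report(text):
    """Print a human-readable summary and return True if the file is clean."""
    entries, errors = check_uri_file(text)
    for lineno, msg in errors:
        print(f"line {lineno}: {msg}")
    print(f"{len(entries)} valid entries, {len(errors)} problem lines")
    return not errors


if __name__ == "__main__":
    report(SAMPLE_LIST)
```

Run it against the exported copy of the list (read the file and pass its contents to check_uri_file) to confirm that what the GUI wrote back is what was intended; a hidden tab, a hostname, or a multi-letter category will show up with its line number.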
