From: Padden, Greg [mailto:[EMAIL PROTECTED]]
Sent: 18 December 2001 16:09
To: [EMAIL PROTECTED]
Subject: [FW-1] My VERY BAD URI resource experience!
I am running FW-1 4.1 SP3 and had a VERY bad experience with configuring a URI resource using a file containing 51 sites I wanted to block.
I created a rule that said:

From: <one test workstation IP address>
To: <anything except my class B network>
Service: URI
Action: Drop
Log: Long
The URI was defined as Transparent and Proxy, with an imported file in the format <ip address> space / space A, and I had a redirect to an internal web page saying the site they visited was a suspected porno site.
I installed the rules and then the fun started.
1. The test workstation could not connect to any internal or external web site.
2. When I went to remove the rule and re-install the policy, I got a "Connection Refused" during the installation of the ruleset.
3. I manually unloaded the ruleset and did a fw fetch <fw mgmt station ip address> and got a Core Segmentation Dump message, except my test workstation could now surf web sites.
4. I then used the FW GUI to try to install a ruleset, still with the "Connection Refused".
5. I can successfully ping from/to the fw management station.
6. After calling for support, I was told to reboot the firewall, and lo and behold I could successfully install a policy.
So is the URI feature just plain bad? I am certain the syntax of the file I imported was correct, because I exported it and it was exactly what I imported.
Has anyone implemented URI filtering by IP address via the File method and gotten it to work under SP3?
Does URI filtering work under SP5?
I posted this question Saturday and got ZERO replies; I'm not feeling good about trying this again without some feedback.
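The post describes the import file as one "<ip address> / A" entry per line and relies on an export round-trip to confirm its syntax. As an added example (not part of the original message and not Check Point's own tooling), the script below is an offline pre-check for a file in that three-column shape: it accepts only lines whose first field is a literal IP address, whose second field is a path starting with "/", and whose third field is a single-letter category, and it flags the things that commonly survive an export round-trip unnoticed (hostnames instead of addresses, a missing column, CRLF line endings, duplicates). The column grammar is an assumption taken from the post's description, not from FW-1 documentation, and the sample file is constructed from documentation address ranges.

```python
"""Pre-check for a URI "file"-type match list in the <ip> <path> <category> shape.

Added example, not from the original mailing-list post. The accepted line
grammar (IP address, path beginning with "/", single-letter category,
whitespace separated) is an ASSUMPTION based on the post's description of
"<ip address> space / space A"; FW-1 4.1's real parser may differ.
"""
import ipaddress
import re

# Constructed sample import file: three good lines followed by lines
# that are deliberately broken in ways an export round-trip would not reveal.
SAMPLE_FILE = (
    "192.0.2.10 / A\n"
    "192.0.2.11 / A\n"
    "198.51.100.5 / A\n"
    "www.example.com / A\n"      # hostname, not an IP address
    "192.0.2.12 A\n"             # path column missing
    "192.0.2.13 / adult\n"       # category must be a single letter
    "192.0.2.14 / A\r\n"         # CRLF line ending (file edited on Windows)
    "192.0.2.10 / A\n"           # duplicate of line 1
)

CATEGORY_RE = re.compile(r"^[A-Za-z]$")  # assumed: one letter, e.g. "A"


def parse_line(line):
    """Return (ip, path, category) for a valid line, or raise ValueError."""
    if line.endswith("\r"):
        raise ValueError("CRLF line ending; convert the file to LF first")
    fields = line.split()
    if len(fields) != 3:
        raise ValueError(f"expected 3 fields, got {len(fields)}")
    ip, path, category = fields
    try:
        ip = str(ipaddress.ip_address(ip))
    except ValueError:
        raise ValueError(f"first field is not an IP address: {ip!r}")
    if not path.startswith("/"):
        raise ValueError(f"path must start with '/': {path!r}")
    if not CATEGORY_RE.match(category):
        raise ValueError(f"category must be a single letter: {category!r}")
    return ip, path, category


def validate(text):
    """Validate a whole file. Returns (entries, errors).

    entries: list of (ip, path, category) tuples for accepted lines
    errors:  list of (line_no, message) for rejected lines
    """
    entries, errors, seen = [], [], set()
    for line_no, raw in enumerate(text.split("\n"), start=1):
        if raw.strip() == "":
            continue  # tolerate blank lines and the trailing newline
        try:
            entry = parse_line(raw)
        except ValueError as exc:
            errors.append((line_no, str(exc)))
            continue
        if entry in seen:
            errors.append((line_no, f"duplicate entry for {entry[0]}"))
            continue
        seen.add(entry)
        entries.append(entry)
    return entries, errors


if __name__ == "__main__":
    ok, bad = validate(SAMPLE_FILE)
    print(f"{len(ok)} entries accepted, {len(bad)} rejected")
    for line_no, msg in bad:
        print(f"  line {line_no}: {msg}")
```

Run it against the real file before importing it into the resource; a clean result only means the file matches the assumed grammar, it does not say anything about how the gateway behaves once the resource is installed.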
