There is a "negate" option in the policy editor, so that you can say: not Internal, or Not Internet.
Right click the object in the rule, and choose "negate" (or is it "invert"?) from the pop-up menu.

Cheers,
Anders :)

> -----Original Message-----
> From: Gordon Webber [mailto:[EMAIL PROTECTED]]
> Sent: 15 February 2002 10:25
> To: [EMAIL PROTECTED]
> Subject: [FW-1] Policy question - FW-1 1.4.2
> Importance: High
>
> Hi All,
> I am trying to add rules to my policy that will selectively allow port 80
> access to my DMZ servers.
> I can specifically code the source addresses for internal clients, but
> obviously not for the WWW users.
> If I add a line like - "any DMZ www accept fw-cluster" - I
> immediately make all specific rules for www access redundant!
>
> So I need some way of identifying the Internet users with a global network
> object?
>
> I could do this if I knew how to code a "negative" rule (i.e. "if the source
> address is not from my internal network, then it must be the Internet") but
> I can find no way of doing this in the Policy Editor.
>
> Just for the record, this is easier with PIX since the rules are applied
> relative to the interface.
> I know I can code access-lists in FW-1, but have never tried; is this a
> solution?
>
> Any suggestions.... please!
> (while I still have some hair left)
>
> Thanks in advance,
> Gordon
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
