Are you using client authentication? Then it would be kinda stupid to filter it on the 
border gw. If you're not using it you can disable the rules enabling them 
(Action=Client Auth).

Lars

> -----Original Message-----
> From: Iftikhar A. Dar NOMIME DIGEST [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, September 19, 2002 07:22
> To: [EMAIL PROTECTED]
> Subject: [FW-1] Vulnerability Test
>
>
> Dear All,
>
> Recently we had a vulnerability test on our firewall version 4.1 running on
> NT4 machine (SP5). Both the firewall module & the management module are
> installed on the same machine.
>
> One of the vulnerabilities identified was "firewall-1 client authentication
> enabled". And the recommendation was to filter the TCP ports 259 and 900 on
> the external interface of the firewall.
>
> How would I do that? By having an explicit rule in my policy or ...?
>
>
> Thanks for your inputs.
>
>
> Regards
>
>
> Iftikhar A. Dar
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
>
