>Leave ftp cause you will need it for updates (you can turn it off now, and on when you need it)
Met vriendelijke groeten - Bien � vous -
Kind regards
Guy
ROELANDTS
EMEA GS Internet Expertise Centre - CCSE-NG
Compaq BeLux - now
part of the New HP
E-mail
: [EMAIL PROTECTED]
Tel: +32(02)729.77.44 (options 3 - 3 - 1)
Fax: +32(02)729.77.65
==========================================================
This
message may contain confidential and/or proprietary information,
and is
intended only for the person/entity to whom it was originally
addressed. The
content of this message may contain private views and
opinions which do not
constitute a formal disclosure or commitment
unless specifically stated.
Should you receive this message by mistake
please inform the sender
immediately.
==========================================================
From: Nall, Robert [mailto:[EMAIL PROTECTED]]
Sent: 17 November 2002 17:20
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Open ports
Port 80 is not for telnet, but for web access...
I would suggest you turn of 80 but then use 443 (https)
Leave ftp cause you will need it for updates (you can turn it off now, and on when you need it)
Do NOT use telnet (everything is in clear text)
Use SSH instead...
Just setup management station ips (static of course) that are allow to access the nokia/checkpoint
With the config that I gave before this will secure it where only you (who every you give access) can gain access to it...
-Robert Nall
-----Original Message-----
From: Hasan,
Irfan [mailto:[EMAIL PROTECTED]]
Sent: Sunday, November 17, 2002 9:36 AM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Open ports
Many thanks for all the response.
I can't trun off Voyager because I need to use it from local network for management.
When I telnet to port 80 or use web browser from internet there is no response but when I use Retina Network scanner it says the port 80 is open.
Is there a way to shut-off port 80 on Internet interface and keep it live on LAN connection???
-----Original
Message-----
From: Cheth [mailto:[EMAIL PROTECTED]]
Sent: Sun 11/17/2002
5:52 PM
To:
[EMAIL PROTECTED]
Cc:
Subject: Re: [FW-1] Open
ports
Sure....but that
wasn't Irfan's point. His point was that the firewall rule
should be dropping the
traffic, but isn't.
Regards,
C.
----- Original
Message -----
From: "<Aaron Reynolds>" <[EMAIL PROTECTED]>
To:
<[EMAIL PROTECTED]>
Sent: Friday, November 15,
2002 5:00 PM
Subject: Re: [FW-1] Open ports
> You need to go
into voyager and turn the stuff off. The firewall can have
> services
listening, which will then be blocked by the rulebase. It is
best
> to turn them
off in voyager, so you don't accidentally open something up.
>
> -Aaron
>
> -----Original
Message-----
> From: Carlos Santos [mailto:[EMAIL PROTECTED]]
> Sent: Friday,
November 15, 2002 8:51 AM
> To:
[EMAIL PROTECTED]
> Subject: Re: [FW-1] Open
ports
>
Importance: High
>
>
> It's rather strange you
have that, but then again, never worked with a
> nokia equip so why don't
you try a more direct aproach like
>
> Any -> FW-Module ->
Any -> Drop -> Log
>
> Hope it helps
>
> CS
>
> -----Original
Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[EMAIL PROTECTED]]
On Behalf Of
> Hasan, Irfan
> Sent: sexta-feira, 15 de
Novembro de 2002 15:15
> To:
[EMAIL PROTECTED]
> Subject: [FW-1] Open
ports
>
>
> I'm
using Checkpoint NG FP2 on Nokia IP330.
>
> I've only two rules in my
firewall
>
>
Source
Destination
Service Action
>
> LAN
(10.1.1.x)
Any
Any
Allow
>
>
Any
Any
Any
Drop
>
> I
removed all implied rules.
>
> But when I scan my
firewall Internet connection from Internet,
>
> I found Port 21, 80
and 389 are open.
>
> How do close all these
open ports ??
>
>
Hope someone give me a clue. Thks... Irfan
>
>
=================================================
> To set vacation, Out Of
Office, or away messages,
> send an email to
[EMAIL PROTECTED]
> in the BODY of the email
add:
> set
fw-1-mailinglist nomail
>
=================================================
> To unsubscribe from this
mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>
=================================================
> If you have any questions
on how to change your
> subscription options,
email
>
[EMAIL PROTECTED]
>
=================================================
>
>
>
_____________________________________________________________________
>
INTERNET MAIL FOOTER
> A presente mensagem pode
conter informa��o considerada confidencial.
> Se o receptor desta
mensagem n�o for o destinat�rio indicado, fica
> expressamente proibido de
copiar ou endere�ar a mensagem a terceiros.
> Em tal situa��o, o
receptor dever� destruir a presente mensagem e por
> gentileza informar o
emissor de tal facto.
>
---------------------------------------------------------------------
> Privileged or
confidential information may be contained in this
> message. If you are not
the addressee indicated in this message, you
> may not copy or deliver
this message to anyone. In such case, you
> should destroy this
message and kindly notify the sender by reply
> email.
>
---------------------------------------------------------------------
>
>
=================================================
> To set vacation, Out Of
Office, or away messages,
> send an email to
[EMAIL PROTECTED]
> in the BODY of the email
add:
> set
fw-1-mailinglist nomail
>
=================================================
> To unsubscribe from this
mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>
=================================================
> If you have any questions
on how to change your
> subscription options,
email
>
[EMAIL PROTECTED]
>
=================================================
>
>
=================================================
> To set vacation, Out Of
Office, or away messages,
> send an email to
[EMAIL PROTECTED]
> in the BODY of the email
add:
> set
fw-1-mailinglist nomail
>
=================================================
> To unsubscribe from this
mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>
=================================================
> If you have any questions
on how to change your
> subscription options,
email
>
[EMAIL PROTECTED]
>
=================================================
>
=================================================
To set vacation, Out Of
Office, or away messages,
send an email to
[EMAIL PROTECTED]
in the BODY of the email
add:
set
fw-1-mailinglist nomail
=================================================
To unsubscribe from this
mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on
how to change your
subscription options,
email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set
fw-1-mailinglist nomail =================================================
To unsubscribe from this mailing list,
please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
