> Is there any way in FW-1 Ver 4.0 to block users from telneting or ftp'ing out on
> port 80? Port 80 is enabled for http access, and the users need telnet / ftp
> access to our DMZ. However they are also telneting out to boxes their own
> outside servers that are listening on port 80. So far FW-1 can't distinguish
> between an ftp/telnet session and an http session.
You can either:
1. Enable the HTTP Security Server for all outgoing HTTP traffic. Use
something like a "matchall" resource.
2. Use some INSPECT code I have written for HTTP. I posted it to the mailing
list a while back, but I discovered that it does not work on the latest
versions of FireWall-1. I'll repost it in the not too distant future.
--
Dameon D. Welch-Abernathy a.k.a. "PhoneBoy"
[EMAIL PROTECTED] http://www.phoneboy.com
The views expressed herein are not necessarily those of anyone else.
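
The kind of protocol check that separates HTTP from telnet/FTP on port 80, sketched as an added example; it is not FireWall-1's HTTP Security Server and not the INSPECT code mentioned in the reply. The function name, the 8192-byte limit and the sample flows are assumptions constructed for illustration.

```python
import re

# HTTP/1.x request line: method SP request-target SP HTTP-version (RFC 7230).
# HTTP/0.9 simple requests ("GET /") are deliberately not accepted here.
REQUEST_LINE = re.compile(rb"[A-Z]{3,16} \S+ HTTP/1\.[01]")
HEADER_LINE = re.compile(rb"[!#$%&'*+.^_`|~0-9A-Za-z-]+:[^\r\n]*")
TELNET_IAC = 0xFF        # telnet option negotiation begins with IAC (RFC 854)
MAX_HEADER_BYTES = 8192  # assumed buffering limit for this sketch


def classify_port80_flow(client_bytes, server_spoke_first):
    """Classify the start of a TCP flow as 'http', 'not-http' or 'incomplete'.

    client_bytes: the first bytes the client sent on the connection.
    server_spoke_first: True if the server sent data before the client did.
    """
    # FTP and telnet servers greet the client; an HTTP/1.x server waits
    # silently for the request, so a server-first flow is not HTTP.
    if server_spoke_first:
        return "not-http"
    if TELNET_IAC in client_bytes[:64]:
        return "not-http"
    # Judge the first line as soon as it is complete, so an interactive
    # session is rejected without waiting for a header block.
    first_line, eol, _ = client_bytes.partition(b"\r\n")
    if not eol:
        return "incomplete" if len(client_bytes) < MAX_HEADER_BYTES else "not-http"
    if not REQUEST_LINE.fullmatch(first_line):
        return "not-http"
    head, end, _ = client_bytes.partition(b"\r\n\r\n")
    if not end:
        return "incomplete" if len(client_bytes) < MAX_HEADER_BYTES else "not-http"
    headers = head.split(b"\r\n")[1:]
    if all(HEADER_LINE.fullmatch(h) for h in headers):
        return "http"
    return "not-http"


# Constructed sample flows: (client bytes, server_spoke_first)
SAMPLES = {
    "browser": (b"GET /index.html HTTP/1.0\r\nHost: www.example.com\r\n\r\n", False),
    "ftp": (b"USER alice\r\n", True),            # server sent a 220 banner first
    "telnet": (b"\xff\xfb\x18\xff\xfb\x1f", False),  # IAC WILL ... negotiation
    "shell": (b"ls -la\r\n", False),             # interactive text, no request line
    "partial": (b"GET / HT", False),             # request line still arriving
}

if __name__ == "__main__":
    for name, (data, server_first) in SAMPLES.items():
        print(name, classify_port80_flow(data, server_first))
```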