RE: [FW1] FW-1 and Websense

Fri, 08 Dec 2000 13:29:38 -0800

Title: RE: [FW1] FW-1 and Websense
Actually, I need to make a little clarification.  The packets are being rejected for security, not dropped.  That was a mis-statement on my part.  The packets should be dropped.  I see a reject for action and then a content security message in the log file.  I seriously doubt CNN is a security issue.  But, when I allow to "ANY' it all works fine.
 

Marc Jacquard
SR. Systems Engineer
Fujitsu America, INC.
Hilo Office
email: [EMAIL PROTECTED]
Telephone: 808-934-4103
Pager: 888-787-5814

-----Original Message-----
From: BLATZHEIM Phillip [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 08, 2000 10:46 AM
To: 'Marc Jacquard'; Fw-1-Mailinglist@Lists. Us. Checkpoint. Com
Subject: RE: [FW1] FW-1 and Websense

Marc,

What is your firewall setup?  Platform/OS and FW-1 Ver?
        I have seen this on a Sun Solaris 2.6 box where routing did not get turned on properly and the box assumed 0.0.0.0 was a valid address rather than using the default route to the internet.

Just my $0.02
Phillip

-----Original Message-----
From: Marc Jacquard [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 08, 2000 1:50 PM
To: Fw-1-Mailinglist@Lists. Us. Checkpoint. Com
Subject: [FW1] FW-1 and Websense



I have a specific LAN for visitors that is only allowed access to the
outside world.  I have 3 rules defined for this network.

visitor-net             any                     http-->Adult    drop            long
vistor-net              external-net    http                    accept  long
                                                telnet
                                                ftp
                                                ssh
                                                https
                                                dns
visitor-net             any                     any                     drop            long

My problem is that I can do all the functions accept HTTP and HTTPS.  Every
packet that goes out on those two services are being drop for web security
reasons by websense.  The only way I have been able to get the rule to work
is instead of using the external-net object, I had to use the any for rule
#2.  This does not seem right to me.  Has anyone else had this problem?  My
external-net object is 0.0.0.0 and is used in my address translation table.
This was an object recommended by CkeckPoint.  I have called websense, but
they are a callback (No live people on the phones!) system and who knows
when they will call back.  Any help would be greatly appreciated.

Best regards,

Marc Jacquard
SR. Systems Engineer (CCSA)
Fujitsu America, INC.
Hilo Office
email: [EMAIL PROTECTED]
Telephone: 808-934-4103
Pager: 888-787-5814



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to