Greetings all

> Wonder if you can help!!
> 
A few days ago, our old FireWall/Proxy server crashed. Since the new
FireWall is to replace the old one, I was asked to migrate only our Internet
users over to FW1 and to allow the entire company to browse through the
"proxy" service of FW1 after working hours. This was done with little
effort. However, we have a requirement that should allow everyone in our
organisation the right to surf/browse a few specific sites which can be
identified by IP address. However, when attempting to set this up, the
stealth rule comes into play and drops these connections. PS: the rules as
defined below are all above the stealth rule. Note that since we do not have
a proxy server, we have to set up a resource for http with the proxy option in
the resource checked. Also, clients' browsers were configured to proxy to the
old proxy server on port 8080. We have set up another http resource with the
filter on port 8080. This is configured in the fwauthd.conf file as dictated
by phoneboy's suggestions. It works if I allow the following rule to define
our entire network to any destination on the resource services http and
http-8080.


For the allowed Internet users, the following rule:
> Source       Destination  Service              Action  Track  Install On  Time  Comment
> Usersgroups  Any          http->http-out       Accept  etc    etc         etc   etc
>                           http-8080->http-out
> 
> Now, for the entire company to be granted after hours access, I have the
> ffg rule.
> 
> Source           Destination  Service              Action  Track  Time       Install On  Comment
> Kentron_Network  Any          http->http-out       Accept  etc    AFTER HRS  etc         etc
>                               http-8080->http-out
> 
> However, during the day we want to allow everyone to surf to Vodacom and
> MTN's SMS sites, so I have a rule as follows.
> 
> Source           Destination         Service              Action  Track  Time  Install On  Comment
> Kentron_Network  www.mtnsms.com      http->http-out       Accept  etc    Any   etc         etc
>                  websms.vodacom.net  http-8080->http-out
> 
> But this does not WORK!!!! I get the connections dropped on the Stealth
> Rule. PS: The rules above are all above the stealth rule, so they should be
> parsed, but they are not. Help me please, this is wrecking my mind!!!!!
> 
> Thanx a million
> 
> Sumash
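As an added illustration of how a first-match rule base interacts with a stealth rule, here is a small Python simulator. It is not code from the post, from Check Point, or from phoneboy's site, and it does not model FW-1's real inspection engine; all addresses, group memberships and the `match_on` switch are constructed for the example. The point it makes explicit: a rule's Destination column is compared against whatever destination the enforcing component sees. When a browser is configured to use the firewall as its proxy, the packet itself is addressed to the firewall on port 8080, which is precisely the traffic a stealth rule exists to drop, so a destination-specific rule placed above the stealth rule can still fail to match at the packet level. The same rule base evaluated against the destination named in the proxied request behaves differently.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addresses for the simulation (not from the original post).
FIREWALL_IP = "192.0.2.1"                        # the FW-1 module's own address
KENTRON_NETWORK = ipaddress.ip_network("10.0.0.0/8")
USERSGROUPS = {"10.1.1.5"}                       # daytime Internet users
SMS_SITES = {"198.51.100.10", "198.51.100.20"}   # stand-ins for the two SMS sites, by IP
HTTP_PORTS = {80, 8080}                          # http and http-8080


@dataclass
class Connection:
    src: str
    dst: str                 # destination IP in the packet header
    port: int
    hour: int                # 0-23, used by the AFTER HRS rule
    request_host: Optional[str] = None   # site named inside the proxied HTTP request


@dataclass
class Rule:
    name: str
    src: object              # "Any", a set of IPs, or an ip_network
    dst: object              # "Any", a set of IPs, or "Firewall"
    ports: object            # "Any" or a set of ports
    action: str
    after_hours: bool = False


def _src_matches(rule: Rule, conn: Connection) -> bool:
    if rule.src == "Any":
        return True
    if isinstance(rule.src, ipaddress.IPv4Network):
        return ipaddress.ip_address(conn.src) in rule.src
    return conn.src in rule.src


def _dst_matches(rule: Rule, conn: Connection, match_on: str) -> bool:
    if rule.dst == "Any":
        return True
    if rule.dst == "Firewall":               # the stealth rule's destination
        return conn.dst == FIREWALL_IP
    # Which destination is compared depends on where the rule is enforced:
    # a packet filter sees the packet header, a proxy sees the request.
    seen = conn.request_host if (match_on == "request" and conn.request_host) else conn.dst
    return seen in rule.dst


def evaluate(rules, conn: Connection, match_on: str = "packet"):
    """Top-down, first-match evaluation. Returns (rule name, action)."""
    for rule in rules:
        if not _src_matches(rule, conn):
            continue
        if not _dst_matches(rule, conn, match_on):
            continue
        if rule.ports != "Any" and conn.port not in rule.ports:
            continue
        if rule.after_hours and 8 <= conn.hour < 17:   # office hours, constructed
            continue
        return rule.name, rule.action
    return "cleanup", "drop"                 # implicit drop at the end


# The post's three rules, in order, followed by the stealth rule.
RULEBASE = [
    Rule("internet-users", USERSGROUPS, "Any", HTTP_PORTS, "accept"),
    Rule("after-hours", KENTRON_NETWORK, "Any", HTTP_PORTS, "accept", after_hours=True),
    Rule("sms-sites", KENTRON_NETWORK, SMS_SITES, HTTP_PORTS, "accept"),
    Rule("stealth", "Any", "Firewall", "Any", "drop"),
]


def browser_via_proxy(src: str, site: str, hour: int) -> Connection:
    """Browser configured to proxy: the packet is addressed to the firewall on 8080."""
    return Connection(src, FIREWALL_IP, 8080, hour, request_host=site)


def browser_direct(src: str, site_ip: str, hour: int) -> Connection:
    """Browser with no proxy: the packet is addressed to the site itself."""
    return Connection(src, site_ip, 80, hour)


if __name__ == "__main__":
    daytime = browser_via_proxy("10.2.3.4", "198.51.100.10", 11)
    print("proxied, packet view:  ", evaluate(RULEBASE, daytime))
    print("proxied, request view: ", evaluate(RULEBASE, daytime, match_on="request"))
    print("direct to site:        ", evaluate(RULEBASE, browser_direct("10.2.3.4", "198.51.100.10", 11)))
    print("proxied after hours:   ", evaluate(RULEBASE, browser_via_proxy("10.2.3.4", "203.0.113.7", 20)))
```

Run it as a script to see the four cases side by side. Under `match_on="packet"` the daytime SMS-site request from an ordinary workstation reaches the stealth rule and is dropped even though the `sms-sites` rule sits above it; under `match_on="request"` the same connection is accepted by `sms-sites`. The direct and after-hours cases match their intended rules in both views.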



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
