Juan Concepcion
Network Engineer/Security Consultant
CCSA/CCSE
E-Mail: [EMAIL PROTECTED]

-----Original Message-----
From: Juan Concepcion [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 20, 2001 10:16 PM
To: Ryan Realivasquez
Subject: RE: [FW1] Rule Base

First, you only need the first rule.  Secondly, you'd have to add a rule in the address translation tab to allow your illegal internal network addresses to go out behind your firewall's external routable IP.
 
Security Policy Tab:
Source     Destination    Service    Action    Track
Network    Any            http       accept    long
 
Address Translation Tab
Source     Destination    Service    Source            Destination    Service
Network    Any            Any        Firewall(hide)    original       original
 

Juan Concepcion
Network Engineer/Security Consultant
CCSA/CCSE
E-Mail: [EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ryan Realivasquez
Sent: Tuesday, February 20, 2001 9:19 PM
To: [EMAIL PROTECTED]
Subject: [FW1] Rule Base

Is it necessary within the rule base to provide for a connection going both ways?  In other words, if I need http access for the entire network, is it required to do the following two rules:
 
Rule X:    Network    Any        Http    Accept
Rule Y:    Any        Network    Http    Accept
 
Wouldn't just having the first one allow Http to work both ways: requests going out and requested data and acks coming in?
 
 
Thanks,
 
Ryan Realivasquez
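
The behaviour described in the reply above (one outbound rule plus a hide-NAT rule), as an added Python sketch that is not part of the original thread and is not FireWall-1 code: a toy state table shows why return traffic passes without Rule Y while unsolicited inbound traffic is dropped. All addresses, ports and names are constructed for illustration.

```python
"""Toy model of a stateful rule base with hide NAT (illustrative only)."""
import ipaddress

INTERNAL_NET = ipaddress.ip_network("10.1.1.0/24")  # constructed "Network" object
FIREWALL_EXT_IP = "192.0.2.1"                       # constructed external address


class StatefulFirewall:
    def __init__(self):
        self.next_port = 10000  # next source port handed out by hide NAT
        # (fw_port, server_ip, server_port) -> (client_ip, client_port)
        self.state = {}

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rule X: Network -> Any, http, accept. Returns the packet after NAT."""
        if ipaddress.ip_address(src_ip) not in INTERNAL_NET or dst_port != 80:
            return None  # no matching rule: dropped
        fw_port = self.next_port
        self.next_port += 1
        # Record the connection so that its replies can be matched later.
        self.state[(fw_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (FIREWALL_EXT_IP, fw_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """No inbound rule exists; only replies found in the state table pass."""
        if dst_ip != FIREWALL_EXT_IP:
            return None
        client = self.state.get((dst_port, src_ip, src_port))
        if client is None:
            return None  # unsolicited packet: dropped
        # Reverse the hide NAT and deliver to the internal client.
        return (src_ip, src_port, client[0], client[1])


def demo():
    fw = StatefulFirewall()
    # Internal client requests a page; the packet leaves from the firewall's IP.
    sent = fw.outbound("10.1.1.25", 40000, "198.51.100.7", 80)
    # The server's reply matches the state entry and is translated back.
    reply = fw.inbound("198.51.100.7", 80, sent[0], sent[1])
    # A different host sending to the same firewall port matches nothing.
    unsolicited = fw.inbound("203.0.113.9", 80, FIREWALL_EXT_IP, sent[1])
    return sent, reply, unsolicited


if __name__ == "__main__":
    print(demo())
```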
