FW: [FW1] Rule Base

[Juan Concepcion]

Juan Concepcion Network Engineer/Security Consultant CCSA/CCSE E-Mail: [EMAIL PROTECTED] -----Original Message----- From: Juan Concepcion [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 20, 2001 10:16 PM To: Ryan Realivasquez Subject: RE: [FW1] Rule Base First, you only need the first rule.  Secondly you'd have to add a rule in the address translation tab to allow your illegal internal network addresses to go out behind your firewalls external routable ip.   Security Policy Tab: Source       Destination   Service    Action      Track Network    Any                http        accept    long   Address Translation Tab Source     Destination    Service    Source            Destination    Service Network    Any                Any        Firewall(hide)    original    original   Juan Concepcion Network Engineer/Security Consultant CCSA/CCSE E-Mail: [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ryan Realivasquez Sent: Tuesday, February 20, 2001 9:19 PM To: [EMAIL PROTECTED] Subject: [FW1] Rule Base Is it necessary within the rule base to provide for a connection going both ways?  In other words if i need http access for the entire network is it required to do the following two rules:   Rule X:    Network     Any         Http    Accept  Rule Y:   Any           Network    Http   Accept   Wouldn't just having the first one allow Http to work both ways  requests going out and requested data and acks coming in?     Thanks,   Ryan Realivasquez