If you are using HTTP security for your web site,
you have to define a specific URI that allows/denies a specific URL.
You cannot have the services http->resource and http to web_site at the same time,
because if you allow direct http to a web server, the firewall will never check
your http->resource.


Hope this will help

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, June 13, 2001 9:18 AM
To: [EMAIL PROTECTED]
Subject: [FW1] Problem with URI Resource



Hi list,

We have a problem with a http_uri resource created to avoid some http
connection to a specific url. This is our ruleset:

      No.  source  destination  service              action  track  install on        time    comment
      1.   any     web_site     http-->uri_resource  reject  log    firewall_cluster  always
      2.   any     web_site     http                 accept  log    firewall_cluster  always

      When rule 1 is disabled, the accepted connections have the source IP
      of the firewall node. However, if we disable the first rule, and all
      http connections go through the second rule, it doesn't proxy.
      Behind a load balancing schema based on source IP, it's obvious
      that we would like to have the second behaviour.

      This is the configuration:
      Two nodes in HA and Load Balancing with this configuration: SunOS
      host retevision.es 5.6 Generic_105181-23 sun4u sparc SUNW,Ultra-60,
      Check Point VPN-1(TM) & FireWall-1(R) Version 4.1 Build 41814 [VPN +
      DES] SP3 and StoneBeat FullCluster for FireWall-1 version 2.0.2035
      SP02a

      What is the reason for this problem? How can we fix it?

      Any ideas?

      Thanks.

      Regards,

          Josué



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================




