Using NG3 on a Linux platform
3 networks in the topology.
External - All off campus connections - defined as external in the Topology
Campus-network - All on campus users - defined as internal in the Topology
Secured-servers - Main campus admin servers - defined as Internal in the
Topology
We have an HTTPS server running on port 4444 that we need to allow access to
from the internet. I set up a rule that allows traffic on port 4444 from
anywhere. (Source : any, Destination: httpsServer, If Via:Any, Service:
Tcp_Port_4444, Action:accept, Track:log)
Nowhere in the logs does it show up that a connection attempt is even made
and all the client sees is Cannot Find Server in their browser.
I also set up a rule that allowed all traffic from a specific external address
to any destination on any service and logged it. Still did not see the HTTPS
request go through. (Source : External_static_IP, Destination: Any, If
Via:Any, Service:Any, Action:accept, Track:log)
Same thing nothing is passed through and nothing shows in the logs.
I also set up a rule that allowed all traffic from Campus_Network to
httpsServer on port 4444 and logged it. (Source : Campus_Network,
Destination: httpsServer, If Via:Any, Service: Tcp_Port_4444, Action:accept,
Track:log)
This HTTPS request goes through fine and shows in the logs.
Is there something different that needs to be done to allow HTTPS traffic
from external networks to access an internal server?
Thanks for any insight you could provide in advance.
Michael Guyear
Network Guy
The University of the South