You can't do it. SmartDefense is an all-or-nothing feature. Hopefully this
will change in a future version. Microsoft just released a KB on blocking
MSN and they said to drop TCP 1836 (I think it was) and also block
messenger.hotmail.com.
Since all you mentioned was MSN, you might be able to do it that way if you
have all known IPs for the end users.
Ray
From: Juan Andrés Galavís <JGalavis AT ATENTOVENEZUELA.COM DOT VE>
Reply-To: Mailing list for discussion of Firewall-1
<FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] SmartDefense and IM applications
Date: Fri, 25 Feb 2005 16:50:48 AST
Hello list,
I am running two Nokia IP350 modules IPSO 3.71, Firewall-1/VPN-1 NG with AI
R55, and have the SmartDefense service active. I want to block IM
applications for certain users, but allow them to a select group. If I
enable the Application Intelligence -> HTTP Protocol Inspection -> Peer to
Peer header detection for MSN, all packets are dropped (even the privileged
users with an MSN access allow rule).
I need to block this service (application header inspection included) to
some users, but allow it to a select group. Any ideas?
Thank you.
Cheers! / Saludos!
Juan Andrés Galavís
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================