That would do. It is not a good idea though to allow "Any" service out to
Internet....RK
>>> braintek AT VIDEOTRON DOT CA 12/22/2005 1:41 PM >>>
I would do the following...
Source: Internal-net
Destination: Negate DMZ
Service: Any
Action: Accept
Negate DMZ means all except DMZ
----- Original Message -----
From: "Ramakrishnan Pillai" <rpillai AT CHARLESTONCOUNTY DOT ORG>
To: <FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
Sent: Thursday, December 22, 2005 1:35 PM
Subject: Re: [FW-1] Basic Rule Question
You are right on that....RK
>>> jlindblom AT MICO DOT COM 12/22/2005 11:17 AM >>>
Just need some clarification on this, I'm by no means an expert with
Firewall-1.
If I have a rule like this "Internal-net" "ANY" "ANY" "ACCEPT", I'm
assuming this would mean internal users have access to the internet and the
DMZ because of the destination "ANY" is this correct? If this is correct,
I would need a rule before this one "Internal-net" "DMZ" "ANY" "DROP" to
block access to the DMZ net right .
John
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
