Hi All,
If I have checkpoint connect directly to the internet routers or proxy
server, and smartcenter behind checkpoint; what's the policy/rules needed to
allow smardefense update?
Can u help me to construct the rules?
Thanks
On 2/23/06, Reinhard Stich <r.stich AT internet-security DOT at> wrote:
>
> hi,
>
> At 10:01 23.02.2006, you wrote:
> >Reinhard Stich wrote:
> > > hi,
> > >
> > > I can't recommend working with domain-names because the fw is required
> > > to do dns-lookups for every IP then - and this makes it slow.
> > >
> > > for http you can work with ressources - but this only works for http.
> >
> >Doesn't http_resoucers do dns-lookups? what's the diference? caches?
>
> ressource looks at HTTP-headers, domain-object in the rulebase looks
> into the IP-header over *every* packet, that's a little bit more to
> do for the firewall :-)
>
> my solution for that is to have a nslookup-script, that informs me
> about IP-changes for some sites and I update the firewall-config then ...
> this is ok for 1 or 2 domains, that's nightmare if you have more
> domains/URLs to monitor. then it's time to invest into a spezialized
> product :-)
>
> cheers
> reinhard
>
> --
> Reinhard Stich ASSIST R.Stich AT internet-security DOT at
> Internet Security AG, 1150 Wien, Johnstrasse 29
> Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
--
Juniman Kasman
Security Consultant
PT Packet Systems Indonesia
(a member of DMX Technologies)
Phone : +62 21 577 0777
Fax : +62 21 577 0222
Mobile : +62 816 965689
Email : juniman.kasman AT packet-systems DOT com
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
