I do mine mine first. The rules are evaluated in order, so I figure
why not throw out the garbage first thing? There's lots of local
traffic the firewall sees that you don't want going out. If you
have your logging turned on you will see it all. Simply create a
rule that drops all broadcasts and MS traffic you don't need and
turn off logging for that rule so you don't clutter up your logs
with junk you don't care about.
Hal
-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:FW-1-MAILINGLIST AT
AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Alexander Simbun
Sent: Tuesday, March 14, 2006 2:22 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Antwort: [FW-1] Microsoft-ds Traffic
Hi Thomas,
In your previous post as quote
"For a better performance on the intranet just add a second cleanup rule
at the end that rejects all the unauthorized traffic from the intranet
to the internet."
Do you mean the last rule of policies or it just a rule which rejects
all unauthorized traffic from intranet? Can you give a sample rule as
you mentioned in your previous post? I'm kinda curious here.
Thanks. Regards, Al.
Thomas Seher wrote:
> Hi Claudia,
>
> SmartDefense is intended to block irregular traffic, e.g. large ping
> packets. It also blocks known attack ports. The microsoft-ds traffic
> is regular, it would be interesting which site should be contacted in
> the internet. When the destination IP starts with 207.46.a.b it's in
> most cases the automatic software update process that tries to contact
> the Microsoft update sites. For a better performance on the intranet
> just add a second cleanup rule at the end that rejects all the
> unauthorized traffic from the intranet to the internet. Then the
> clients get the RST packets an don't hold half open sessions until the
> timeout occurs.
>
> Mit freundlichen Grüßen/Kind regards/Attentamente
>
> Thomas Seher
>
> ------------------------------------------------
> DEKRA AG
> * Abt.: HE22
> *
> Tel.: ++49 711 7861 2600 * Fax: ++49 711 7861 2241
> thomas.seher AT dekra DOT com * http://www.dekra.com
>
> ------------------------------------------------
>
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
>
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail =================================================
To unsubscribe from this mailing list,
please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
