Re: Breaks in connectivity with firebox
From: Leythos (void_at_nowhere.com)
Date: 11/14/03
- Next message: TPG: "Checkpoint SecureClient-office mode porblem"
- Previous message: Hugo Drax: "Re: buy a firewall"
- In reply to: Jason Gallas: "Re: Breaks in connectivity with firebox"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 14 Nov 2003 01:09:12 GMT
In article <g8Vsb.188331$Zq3.167335@fe12.atl2.webusenet.com>,
jgallas@usa.nospam.net says...
>
> "Leythos" <void@nowhere.com> wrote in message
> news:MPG.1a1de4e920ada120989dfd@news-server.columbus.rr.com...
> > In article <0kUsb.195112$644.41049@fe14.atl2.webusenet.com>,
> > jgallas@usa.nospam.net says...
> > > Alright. Tried it with my ISP's IP address and it failed again.
> >
> > Ok, now we have a good test:
> >
> > 1) Is the application still running on the same computer that you had it
> > working perfectly before?
>
> Yes
>
> > 2) What did you change anywhere in the network?
>
> Other than adding the firewall not much. I upgraded some NT workstations to
> Windows 2000 Pro, but other than that the network has been pretty solid
> since the Firewall upgrade.
>
> > 3) Are you using a HTTP Proxy or HTTP unfiltered?
> > There are HTTP Packet Filters and HTTP Proxies - the Proxy is the
> > slowest and can filter/block content and such. The Packet Filter
> > and Proxy both have boxes that you can check that allow you to
> > block users that attempt to connect via this rule.
>
> HTTP Proxy is being used for all outbound TCP/IP traffic. It is also being
> used for our inbound port 80 on our web server. We are currently using a
> proxy server for all workstation access (the same one we had before the
> firewall installation). We are using this until we can find a better way of
> accessing the internet directly (I don't like the web page port 4100 access
> technique). The servers are all set to have outbound access by their IP
> address. The web server has more than one IP address so the range has
> direct access.
Try adding a HTTP Packet Filter for the application to use - and don't
run it through the internal Proxy server before it gets to the firebox.
Did you know that you can specify that HTTP Proxy can service specific
IP addresses in your network? You don't have to configure it for
TRUSTED, you can pick IP's or a range of IP's. I run a DHCP server with
the address scope selected to use the HTTP Proxy (with web and content
filtering) and have fixed IP's for IT computers - they are using HTTP
Packet filter mode. I also have a generic IT user in the FB so that any
IT person can get FULL access to the web from anywhere.
> > Try using the Packet Filter for this program - you can actually set
> > rules so that all users use the Proxy, but your IP uses the Filter.
Try this and let me know if it works.
> >
> > Since you just installed it, have you called WG - it should be under
> > warranty and have free support for 1 year.
>
> I tried their support forum with less than adequate results. I'm thinking
> about opening a trouble ticket. Just wanted to try this newsgroup first
> because you only get 3 tickets and I've already used one :-)
[snip]
-- -- spamfree999@rrohio.com (Remove 999 to reply to me)
- Next message: TPG: "Checkpoint SecureClient-office mode porblem"
- Previous message: Hugo Drax: "Re: buy a firewall"
- In reply to: Jason Gallas: "Re: Breaks in connectivity with firebox"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
