Re: Symantec VPN200r - More TCP/UDP Filters

From: Ron Jameson (subscriptions_at_noSPAMsleepysol.com)
Date: 02/12/04


Date: Wed, 11 Feb 2004 19:07:41 -0600

Yes, they do work, but have you had any need to get beyond the 5 allowed
filters for TCP & UDP? I think because they don't include the more popular
HTTPS and SSH in the pick list, I need to take 2 of the 5 to allow these, thus
leaving me only 3 left. Those got chewed up with Symantec's virus download
port, a time port and (doh - Kazaa). My UDP filters are not used as much as TCP,
but I have used 3 of the UDP.

I wish that when you use the "Everyone" group it would INCLUDE everyone no matter
what; that way you could ultimately get 10 of each if you create a group for
the users... but when you create the group and add the MACs, it ignores
"Everyone" because you specifically defined a group. This knocks me back down
to 5 TCP & 5 UDP. Granted, I only have this on a small network of under 20
users, but man, if I had this on a larger network, it would be a nightmare
to put in the MACs of all the PCs in a group.

There has got to be an easier way - or give us more access ports.

I use some WatchGuard SOHOs with clients, but I don't recall the limit there
when you close it all, then open what you need. The beauty of the 200r was
the DUAL WAN port. WatchGuard's implementation of the fail-over port is lame.
It is not automatic and you cannot run both at the same time, which is how I
use the 200r (one WAN port to bind SMTP, the other for HTTP usage).

Now if only Symantec would upgrade the firmware with more flexibility, this
box could be pretty sweet.

"Lars M. Hansen" <badnews@hansenonline.net> wrote in message
news:706k20d168vpajqoujee3r03h2n995rl77@4ax.com...
> On Tue, 10 Feb 2004 20:42:32 -0600, Ron Jameson spoketh
>
> >I have the vpn200r appliance from Symantec, blocking all but what is allowed
> >thru access filters....how do I get more than the 5 additional that is
> >customized? Am I the only one who needs more than 5 IP ports for everyone?
> >
> >Or, do I need to add the same users to group 1 for 5, then the same users to
> >group 2 for another 5 and so on?
> >
> >Ron
> >
>
> I'm using the access groups to customize what is allowed among my
> various devices, and it seems to work fine. My only complaints are that
> the "HTTP" selection doesn't include HTTPS, and that "FTP" doesn't work
> with passive FTP.
>
>
> Lars M. Hansen
> www.hansenonline.net
> Remove "bad" from my e-mail address to contact me.
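Lars's complaint that the "FTP" selection does not work with passive FTP is the general problem with a short, static list of allowed destination ports: any protocol that negotiates a second connection on a port chosen at run time falls outside the list. The script below is an added example, not code from this thread, from Symantec or from WatchGuard. It models an outbound allow list of the kind the thread describes (the canned HTTP and FTP entries plus five custom TCP ports; the specific port numbers are assumptions), parses a constructed RFC 959 PASV reply the way a client would, and checks both legs of the session against the list.

```python
"""
Why a static per-port allow list breaks passive FTP.

Added example, not code from the original thread or from any vendor.  The
allow list, the PASV reply and the port numbers are constructed for
illustration.
"""
from __future__ import annotations

import re

# Constructed allow list in the spirit of the thread: the canned "HTTP" (80)
# and "FTP" (21) selections plus five custom TCP entries.  443 and 22 stand
# for the HTTPS/SSH the poster had to add; the remaining three (an AV update
# port, a proxy port, TCP time) are assumptions standing in for his others.
ALLOWED_TCP_PORTS = frozenset({80, 21, 443, 22, 2967, 8080, 37})

# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)." per RFC 959
PASV_RE = re.compile(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply: str) -> tuple[str, int]:
    """Extract (host, port) from a PASV reply.

    The server encodes the data endpoint as six decimal octets: four for
    the IPv4 address and two for the port (high byte, then low byte).
    """
    m = PASV_RE.search(reply)
    if not m:
        raise ValueError(f"not a PASV reply: {reply!r}")
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    for octet in (h1, h2, h3, h4, p1, p2):
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range in PASV reply: {reply!r}")
    return f"{h1}.{h2}.{h3}.{h4}", (p1 << 8) | p2


def outbound_permitted(dst_port: int, allowed=ALLOWED_TCP_PORTS) -> bool:
    """Static filter: pass only if the destination port is on the list."""
    return dst_port in allowed


def ftp_session_permitted(control_port: int, pasv_reply: str,
                          allowed=ALLOWED_TCP_PORTS) -> dict:
    """Evaluate a passive-mode FTP session against the static filter.

    The control connection goes to a fixed port (21) and passes.  The data
    connection goes to whatever ephemeral port the server named in its
    PASV reply, which a fixed list cannot anticipate, so it is dropped.
    """
    _host, data_port = parse_pasv(pasv_reply)
    return {
        "control_ok": outbound_permitted(control_port, allowed),
        "data_port": data_port,
        "data_ok": outbound_permitted(data_port, allowed),
    }


# Constructed reply: server 192.0.2.10 offers data port 212*256 + 144 = 54416
SAMPLE_PASV = "227 Entering Passive Mode (192,0,2,10,212,144)."

if __name__ == "__main__":
    print(ftp_session_permitted(21, SAMPLE_PASV))
```

A box that wants "FTP" to mean passive FTP has to inspect the control channel and open the negotiated port on the fly (a stateful FTP helper) rather than match fixed numbers, which is why a pick-list entry for port 21 alone is not enough; the same reasoning applies to any other protocol that hands out a second port in-band.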


