Re: Two Netscreen Questions




<VistaCruiser1977@xxxxxxxxxxx> wrote in message
news:1141321927.338459.309120@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
According to the documentation, the Netscreen 5GT can filter ActiveX,
.exe files, Javascript, etc., out of incoming HTTP connections. It
doesn't mention if this setting is global or if it can be set for
certain IP addresses or ranges. I'd like to enable this on my network,
but only for a single problematic user who always seems to be plagued
by viruses and malware. Can I enable this kind of filtering for a
single internal IP address only?

Where is it set? IIRC, it's a global setting that you enable or disable in
the DI setup, which you can then apply or not apply to a policy. But I
don't think you can apply or not apply it selectively from the rest of the
DI configs to different policies. I could be wrong though, I haven't played
with the DI on those units in a long time.

Second question... The 5GT only supports a single VIP. I have a VIP set
up to redirect several ports to machines on my DMZ zone (in the
172.16.0.0 subnet). I'd like to temporarily change the redirection for
one port to a machine on my Trust zone (in the 192.168.0.0 subnet) for
testing purposes. Can a single VIP redirect some ports to one zone and
another port to a different zone?

Yes, VIPs are actually global. It will work. Just set up the VIP like you
think it should be, with the correct destination address, and when you make
the policy, make it to the right zone, and you'll be fine.

BTW, I think you can do more than one VIP on a GT, just not if you're using
PPPoE. At least, I've done it on XPs and XTs enough times, and generally the
GTs work about the same.

-Russ.

