Penetration Testing mailing list archives
Re: firewall question
From: Rzac` <bugtrack () mail ru>
Date: Thu, 14 Feb 2002 21:11:46 +0100
Hi there,

On 14/Feb/2002, leon wrote:

l> (...)
l> So to reiterate; is there a way to configure pix or checkpoint to
l> judge the connection based on protocol as opposed to arbitrary
l> things like source ip, destination IP or port numbers?
l> (...)

I'm no Pix or Firewall-1 expert, but I do not think you could readily set up that kind of filtering in them.

As a workaround, I suggest adding a proxy server to your network and configuring your firewall to reject outgoing connections coming from boxes other than the proxy server. I did that kind of setup with OpenBSD and squid at a small business -- it worked like a charm. :)

Also, relying on a proxy server eases enforcement of your site's Internet access policy (i.e. disallowing *.mp3, *.mpeg, *.exe, etc.) It does not offer as many possibilities as a dedicated Internet filtering solution (i.e. Websense), but it is still better than nothing!

Setting up the proxy server as transparent saved me from defining proxy server settings in any of my client's Internet browsers.

Regards,
Rzac`.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
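The setup described in the message above, modelled as an added example that is not part of the original post or of any firewall or squid configuration: the firewall passes Internet-bound connections only from the proxy, the proxy denies requests by file extension, and an audit function checks firewall log records against that policy. The addresses, the log layout and all function names are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed values for illustration; none of them come from the message.
PROXY = ipaddress.ip_address("192.168.1.2")
LAN = ipaddress.ip_network("192.168.1.0/24")
BLOCKED_EXT = (".mp3", ".mpeg", ".exe")  # the extensions the message names

def firewall_verdict(src: str, dst: str) -> str:
    """Egress rule: only the proxy may open connections to the Internet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if d in LAN:
        return "n/a"  # internal traffic is not an egress decision
    return "pass" if s == PROXY else "block"

def proxy_verdict(url: str) -> str:
    """Proxy rule: deny by extension of the URL path, ignoring case and query.

    Only the path is inspected, so a file delivered under another name or
    through a query parameter is not matched by this kind of filter.
    """
    path = urlsplit(url).path.lower()
    return "deny" if path.endswith(BLOCKED_EXT) else "allow"

def audit(log_lines):
    """Return records the firewall passed although the policy says block."""
    findings = []
    for line in log_lines:
        ts, action, src, dst, dport = line.split()
        if action == "pass" and firewall_verdict(src, dst) == "block":
            findings.append((ts, src, dst, int(dport)))
    return findings

# Constructed sample firewall log: time action src dst dport
SAMPLE_LOG = [
    "10:00:01 pass 192.168.1.2 203.0.113.10 80",    # proxy going out: expected
    "10:00:02 block 192.168.1.23 203.0.113.10 80",  # workstation blocked: expected
    "10:00:03 pass 192.168.1.40 198.51.100.7 443",  # workstation passed: rule gap
    "10:00:04 pass 192.168.1.23 192.168.1.5 445",   # internal traffic: ignored
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print("egress not via proxy:", finding)
    for url in ("http://example.com/song.MP3?id=1", "http://example.com/index.html"):
        print(proxy_verdict(url), url)
```

Running the audit over real firewall logs after deploying such a rule set shows whether any port or protocol still lets workstations reach the Internet without passing through the proxy.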