Firewall Wizards mailing list archives
Re:
From: "jsg" <jgerrits () enteract com>
Date: Fri, 3 Dec 1999 23:08:54 -0600
Joel,

----- Original Message -----
From: Joel Snider <joel_snider () yahoo com>
To: <firewall-wizards () nfr net>
Sent: Friday, December 03, 1999 7:38 AM

> I have been using a Checkpoint Firewall-1 to protect my DMZ from the Internet. Since installation I have noticed that my webservers, which are on the DMZ behind the firewall, seem to be connecting to multitudes of Internet hosts unsolicited.

Are you sure that the firewall is connecting to these hosts and not the hosts connecting through your firewall? If anything, the firewall should be protecting your DMZ.

> The destination port seems to be random, but often increments. The source port from the web servers is always 80 or 443.

These ports that you listed are http (80) and https (443).

> As I have added webservers this condition has gotten unbearable because of the massive amount of info in the log files. I do not allow unlimited access from the DMZ to the Internet, so these packets are getting dropped at the firewall. I have checked with the web development team and they say that they are not doing anything with the servers that would cause this. I know that I could filter out these events and not log them, but I want to understand what is happening first and look for other alternatives. Please let me know if you have seen this before.

In regards to packets being dropped from the DMZ to the Firewall, I would recommend to only allow HTTP and HTTPS out from the DMZ. Then, if nbt is the source of the drops, create a rule and drop without logging. NBT is used for name resolution.

Good Luck,
JSG

> Thanks...
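An added log-triage example, not from this thread and not Check Point's own tooling, for checking whether the dropped DMZ-to-Internet records show the pattern Joel describes (source port 80/443 with rising destination ports per remote host) or the NBT traffic JSG suggests ruling out first. The record format, addresses and timestamps are constructed placeholders, not Firewall-1's export format.

```python
import re
from collections import defaultdict

# Constructed sample drop records (simplified format, not Check Point's own).
SAMPLE_LOG = """\
03Dec1999 07:01:02 drop src=10.1.1.10 dst=198.51.100.7 proto=tcp sport=80 dport=1051
03Dec1999 07:01:05 drop src=10.1.1.10 dst=198.51.100.7 proto=tcp sport=80 dport=1052
03Dec1999 07:01:09 drop src=10.1.1.10 dst=203.0.113.9 proto=tcp sport=443 dport=2201
03Dec1999 07:01:12 drop src=10.1.1.10 dst=203.0.113.9 proto=tcp sport=443 dport=2202
03Dec1999 07:01:15 drop src=10.1.1.11 dst=192.0.2.44 proto=udp sport=137 dport=137
03Dec1999 07:01:20 drop src=10.1.1.11 dst=192.0.2.45 proto=udp sport=137 dport=137
03Dec1999 07:01:21 drop src=10.1.1.10 dst=198.51.100.7 proto=tcp sport=80 dport=1053
"""

LINE_RE = re.compile(
    r"^\S+ \S+ drop src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\w+) "
    r"sport=(?P<sport>\d+) dport=(?P<dport>\d+)$"
)

def parse_drops(text):
    """Return one dict per drop record; lines in another format are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            d = m.groupdict()
            d["sport"], d["dport"] = int(d["sport"]), int(d["dport"])
            records.append(d)
    return records

def summarize(records):
    """Group drops by (src, proto, sport). 'incrementing' means some destination
    host saw 2+ drops and, per host, destination ports only rise in log order."""
    groups = defaultdict(list)
    for r in records:
        groups[(r["src"], r["proto"], r["sport"])].append(r)
    summary = {}
    for (src, proto, sport), recs in groups.items():
        per_dst = defaultdict(list)
        for r in recs:
            per_dst[r["dst"]].append(r["dport"])
        incrementing = (any(len(p) > 1 for p in per_dst.values()) and
                        all(p == sorted(set(p)) for p in per_dst.values()))
        summary[(src, proto, sport)] = {
            "count": len(recs), "dst_hosts": len(per_dst), "incrementing": incrementing,
            "web_source_port": sport in (80, 443),  # HTTP/HTTPS, as in Joel's report
            # NetBIOS over TCP/IP (NBT): UDP 137/138, TCP 139
            "nbt": (proto, sport) in (("udp", 137), ("udp", 138), ("tcp", 139)),
        }
    return summary
```

Groups that are both `web_source_port` and `incrementing` match Joel's description; groups flagged `nbt` are the candidates for JSG's drop-without-logging rule.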