You could try 128.0.0.0/1 and 127.0.0.0/1 - those two should match -everything-
without having a 0.0.0.0/0 :)
Still annoying, I'm sure, but this may help :)
Cheers,
--Dg
On Thu, 17 Feb 2000 [EMAIL PROTECTED] wrote:
> I have several Fireboxes running and have had mixed results. After getting
> accustomed to FW1, the Watchguard interface is somewhat
> counter-intuitive...
>
> You cannot open an ANY to ANY default rule in a simple manner. I have
> tried this several ways and have been through it with Tech Support. The
> only way to do it is to specify the subnets that are allowed on each
> interface and then include those subnets in the Any rule. For example, if
> you have 10.0.0.0/8, 192.168.0.0/16, and 172.31.0.0/16 on the Trusted
> interface and EVERYTHING ELSE (0.0.0.0/0) on the External interface, then
> your Any rule must enumerate those subnets. The problem is that you cannot
> add 0.0.0.0/0 to a rule. All IPs (in Watchguard) must start with something
> greater than 0. Therefore, you must add all /8 subnets to the other side
> of the Any rule. That sounds like fun!
>
> (If you are using private IP addresses on both sides of the Firebox
> remember to remove those addresses from the Blocked Sites list as
> Watchguard blocks these subnets by default. I use my boxes as internal,
> inter-departmental firewalls.)
>
> This is particularly frustrating in that the External interface on the
> Watchguard will automatically capture all packets with a destination not
> specifically routed to the Trusted or Optional interface. Why can't we
> take advantage of this in an Any rule?
>
> If anyone comes up with a way to handle RPC services in a specific manner
> on Watchguard, please let me know!
> --------------------------------------------
> Andrew Walls, IT Security Analyst, BankWest
> 40 Frame Ct., Leederville, WA, 6007, Australia
> 61-8-9449-3787, FAX 61-8-9449-3795 Mobile 0419926368
> PGP Fingerprint: E0F7 296E D6D5 6057 1E1D F61B 2602 CB8A
>
>
> ---------------------------------------- Message History ----------------------------------------
>
>
> From: Ben Ostrowsky <[EMAIL PROTECTED]> on 16/02/2000 22:08
>
> To: [EMAIL PROTECTED]
> cc: (bcc: Andrew Walls/PRS/SS/BankWest)
>
> Subject: Re: Watchguard Firebox II
>
>
>
>
> > I've just purchased a Watchguard Firebox II and I would love to hear what my
> > fellow colleagues think of it and also hear about solutions and stuff like
> > that.
>
> We've got one and are trying to figure out how to set it up in a permissive
> stance (allow all; deny this, this, and this). The manual claims you can
> do this, but the GUI configurator won't let you open up the "Any" service
> from Any to Any.
>
> Tech support said they'd have to call us back, which was fairly annoying.
>
> It does *look* cool, though...
>
> Ben
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
"My god man, what have you been reading, the gospel of St. Bastard?!?"
| icq/4813658 | yahoo/kender42 | [EMAIL PROTECTED] | aim/dg4293 |
| [EMAIL PROTECTED] | www/www.hollyfeld.org |
Ciao!
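
The coverage question in this thread, worked through as an added example (not part of the original messages): it checks which parts of the IPv4 space a list of rule entries leaves unmatched. It assumes the device masks each entry's address with its prefix length, so that 127.0.0.0/1 is treated as 0.0.0.0/1; the function names are hypothetical.

```python
import ipaddress

FULL = ipaddress.ip_network("0.0.0.0/0")

def accepted_by_gui(entry):
    """Constraint described in the thread: the first octet must be greater than 0."""
    return int(entry.split(".")[0]) > 0

def effective(entry):
    """Network an entry matches, ASSUMING the device masks off host bits."""
    return ipaddress.ip_network(entry, strict=False)

def uncovered(entries):
    """Return the IPv4 networks that no entry in the list matches."""
    remaining = [FULL]
    for net in map(effective, entries):
        still_open = []
        for block in remaining:
            if block.subnet_of(net):
                continue                      # block is fully covered
            if net.subnet_of(block):
                # carve the covered part out of this block
                still_open.extend(block.address_exclude(net))
            else:
                still_open.append(block)      # no overlap with this entry
        remaining = still_open
    return sorted(ipaddress.collapse_addresses(remaining))

# Constructed inputs: the two-entry suggestion, and the "one entry per /8"
# approach with the first octet restricted to 1..255.
TWO_HALVES = ["128.0.0.0/1", "127.0.0.0/1"]
PER_SLASH8 = [f"{octet}.0.0.0/8" for octet in range(1, 256)]

if __name__ == "__main__":
    for name, rules in (("two /1 entries", TWO_HALVES), ("255 /8 entries", PER_SLASH8)):
        gaps = [str(n) for n in uncovered(rules)]
        print(f"{name}: {len(rules)} entries, uncovered = {gaps or 'nothing'}")
```

If the device instead rejects entries with host bits set (the behaviour of `ipaddress.ip_network` with `strict=True`), the 127.0.0.0/1 entry would not be accepted and the lower half would need another representation.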